CybelAngel: Cloud Storage leaks grew by 150% in 2021

Tooday CybelAngel published in-depth original research revealing that data leaks and shadow assets are the greatest source of exposure to cyberattacks

CybelAngel, a digital risk protection company, today published in-depth original research revealing that data leaks and shadow assets are the greatest source of exposure to cyber attacks faced by large organisations across the globe. The report also highlights how the market pressures of 2021 led to an increase of such risks, with cloud storage leaks increasing by 150% compared to 2020.    

Based on data from a sample group of customers, the research report: 'A Year in Proactive Cybersecurity', reveals that data leak incidents increased, overall, by 63 per cent and vulnerable shadow assets exposure grew by 40 per cent in 2021. This is evidence of organisations’ ever-increasing digital footprint and the expanding attack surface of today's connected enterprises.    

Source code data leaks rise by two-thirds between 2020 and 2021 

Labour shortages among developers led to greater outsourcing of development projects, with 86 per cent of hiring managers and technical recruiters now finding it a challenge to hire developers. At the same time, the acceleration of digital transformation meant that more development projects were needed, with a 47 per cent increase in new public repositories created on GitHub between 2020 and 2021.   

The increase in outsourced development projects led to a 66 per cent increase in source code leaks. The final quarter of 2021 saw a massive 117 per cent jump in the number of GitHub incident reports sent to CybelAngel’s sample group of customers, compared to the previous quarter.  

Increase in ‘major risks’ from credentials leaks 

The digital risks caused by exposed credentials continued to plague cybersecurity, including account takeover, credential stuffing, network infiltration, and ransomware attacks. In the sample group of companies, exposed credentials accounted for 25 per cent of all incident reports sent. One of the most significant findings was that the severity of exposed credential incidents has changed dramatically with a 50 per cent increase in the number of ‘major‘ incidents, defined as those having the potential to interrupt business operations as a result of account takeover.   

Cloud storage leaks grow 150% year-on-year  

As digital transformation continued following the work-at-home revolution, incidents of cloud storage leaking proprietary data, or confidential information, grew by 150 per cent year-over-year.   

40% growth in shadow IT incidents in H2 2021    

With the increasing prevalence in cloud adoption, and the ease with which applications and services can be used without the sanction of IT departments, the number of vulnerable shadow assets grew  by 40 per cent over H2 2021. 17 per cent of shadow asset incidents sent to CybelAngel customers across 2021 were rated ‘major’ or ‘critical’.  

Commenting on the findings, Pauline Losson, Cyber Operations Director at CybelAngel and Head Researcher on the report said:  “The report pulls into sharp focus the security impact of digital risks that have occurred following the seismic changes in the world of work. 

"The huge growth in cloud adoption and organisations’ increasing reliance on outsourcing development work means that all risks are, in effect, moving to the cloud. The idea of securing the perimeter is no longer tenable. Organisations are facing systemic cyber risks, driven by sophisticated criminal groups exploiting the fact that external threats are reaching a level of unavoidable risk.  

"The good news for organisations is that, if dealt with early, each of the threats identified in the report can be remediated relatively quickly and at low cost. The key is visibility and speed in order to locate all exposed assets pertaining to an organisation’s attack surface before they are breached by malicious actors. As risks change each day, organisations need to be ready to respond through continuous monitoring."  


Featured Articles

UK police cyberattack a reminder of third party risk

Cyber criminals use back-door suppliers cyberattack to spread alarm through Britain's biggest police force

Building Cyber Resilience into ‘OT in Manufacturing’ webinar

Join Acronis' webinar, Building Cyber Resilience into ‘OT in Manufacturing’, 21st September 2023

Trustwave report on hospitality industry security threats

Nearly 31% of hospitality organisations have reported a data breach in their company’s history, according to a Trustwave cybersecurity report

Barracuda Managed XDR uses AI to uncover cyber incidents

Technology & AI

Imperva: 32% of work data breaches could have been avoided

Operational Security

Supply chain cyberattacks seen as catastrophic for business

Cyber Security