CybelAngel: Cloud Storage leaks grew by 150% in 2021

Tooday CybelAngel published in-depth original research revealing that data leaks and shadow assets are the greatest source of exposure to cyberattacks

CybelAngel, a digital risk protection company, today published in-depth original research revealing that data leaks and shadow assets are the greatest source of exposure to cyber attacks faced by large organisations across the globe. The report also highlights how the market pressures of 2021 led to an increase of such risks, with cloud storage leaks increasing by 150% compared to 2020.    

Based on data from a sample group of customers, the research report: 'A Year in Proactive Cybersecurity', reveals that data leak incidents increased, overall, by 63 per cent and vulnerable shadow assets exposure grew by 40 per cent in 2021. This is evidence of organisations’ ever-increasing digital footprint and the expanding attack surface of today's connected enterprises.    

Source code data leaks rise by two-thirds between 2020 and 2021 

Labour shortages among developers led to greater outsourcing of development projects, with 86 per cent of hiring managers and technical recruiters now finding it a challenge to hire developers. At the same time, the acceleration of digital transformation meant that more development projects were needed, with a 47 per cent increase in new public repositories created on GitHub between 2020 and 2021.   

The increase in outsourced development projects led to a 66 per cent increase in source code leaks. The final quarter of 2021 saw a massive 117 per cent jump in the number of GitHub incident reports sent to CybelAngel’s sample group of customers, compared to the previous quarter.  

Increase in ‘major risks’ from credentials leaks 

The digital risks caused by exposed credentials continued to plague cybersecurity, including account takeover, credential stuffing, network infiltration, and ransomware attacks. In the sample group of companies, exposed credentials accounted for 25 per cent of all incident reports sent. One of the most significant findings was that the severity of exposed credential incidents has changed dramatically with a 50 per cent increase in the number of ‘major‘ incidents, defined as those having the potential to interrupt business operations as a result of account takeover.   

Cloud storage leaks grow 150% year-on-year  

As digital transformation continued following the work-at-home revolution, incidents of cloud storage leaking proprietary data, or confidential information, grew by 150 per cent year-over-year.   

40% growth in shadow IT incidents in H2 2021    

With the increasing prevalence in cloud adoption, and the ease with which applications and services can be used without the sanction of IT departments, the number of vulnerable shadow assets grew  by 40 per cent over H2 2021. 17 per cent of shadow asset incidents sent to CybelAngel customers across 2021 were rated ‘major’ or ‘critical’.  

Commenting on the findings, Pauline Losson, Cyber Operations Director at CybelAngel and Head Researcher on the report said:  “The report pulls into sharp focus the security impact of digital risks that have occurred following the seismic changes in the world of work. 

"The huge growth in cloud adoption and organisations’ increasing reliance on outsourcing development work means that all risks are, in effect, moving to the cloud. The idea of securing the perimeter is no longer tenable. Organisations are facing systemic cyber risks, driven by sophisticated criminal groups exploiting the fact that external threats are reaching a level of unavoidable risk.  

"The good news for organisations is that, if dealt with early, each of the threats identified in the report can be remediated relatively quickly and at low cost. The key is visibility and speed in order to locate all exposed assets pertaining to an organisation’s attack surface before they are breached by malicious actors. As risks change each day, organisations need to be ready to respond through continuous monitoring."  


Featured Articles

How secure is sensitive data stored in the cloud?

A Cloud Security Alliance (CSA) survey has found 67% of organisations store sensitive data in public cloud environments, but how secure is it?

CYBER LIVE LONDON: Day 2 highlights of the hybrid tech show

We take a look at highlights of the different stages at the Tech Live London show, including insights from Claroty, SalesForce and Oracle

TECH LIVE LONDON: An overview of the hybrid technology show

We take a look at the first day of Tech Live London with insights from technology leaders from companies such as IBM, Microsoft and Vodafone

Does a cashless society mean higher risk of fraud?

Cyber Security

5 minutes with Gary Brickhouse, CISO of GuidePoint Security

Cyber Security

CTO at Passbolt explains the importance of password managers

Application Security