According to recent studies, hackers are more interested in getting sensitive personal and employee information.
Personal information about employees and customers made up over half (45%) of all data stolen last year, according to an Imperva analysis that analysed 100 data breach stories released in the past 12 months.
According to Imperva, hackers are especially interested in users’ private information since it may be utilised in stage two attacks like identity theft. Imperva’s SVP of Security Operations, Terry Ray, believes that preventing these may be “hugely lucrative and extremely tough.”
Manipulation of humans and insecure data systems
Credit cards and passwords may be reset immediately after a theft, but it may take hackers years to turn stolen personally identifiable information into a weapon.
Although they make news often, thefts of source code and private data are quite uncommon, making up just 6.7% and 5.6% of all such incidents, respectively. The good news is that breaches involving sensitive data like passwords and credit card numbers have decreased by 64% year over year, suggesting that companies have been more vigilant in securing this information.
Information may be stolen by social engineering(17%) or by hacking into insecure databases (15%). Even though application misconfiguration only accounted for about 2% of all data breaches in 2016, businesses anticipate that this format will play a larger role in the future, largely due to the growth of cloud-managed infrastructure, whose security configuration necessitates considerable expertise.
Ray finds these findings a little unexpected since he believes it would be “straightforward to remediate” vulnerabilities in unprotected databases and social engineering assaults.
“The danger of a breach is greatly magnified when a database is available to the public,” says security expert Brian Krebs. “Unfortunately, this is frequently the case, and not because of a lack of security standards but because of the complete absence of any security posture at all.”
According to Imperva, the lack of multi-factor authentication (MFA), inadequate visibility into all data repositories, insufficient password policies, improperly configured data infrastructures, insufficient vulnerability protection, and failing to learn from past mistakes are the top six most common mistakes that lead to data breaches.
Subtly charming pop culture geek. Amateur analyst. Freelance tv buff. Coffee lover