Personal and employee data is a goldmine for hackers, who now seem more focused on obtaining these types of data than any new research.
A report from Imperva analyzing 100 data breach reports published in the past 12 months says that employee and customer personal data made up nearly half (45%) of all data stolen in the past year.
Cybercriminals focus on personally identifiable information, Imperva claims, because that data can be used for identity theft and similar second-stage attacks. These can be “very profitable and very difficult to prevent,” says Terry Ray, senior vice president of Imperva.
Social engineering and unlocked databases
“Credit cards and passwords can be changed in the event of a breach, but when PII is stolen, it can be years before hackers use it as a weapon,” Ray added.
Although they often fill the headlines, source code and proprietary data theft are uncommon, accounting for only 6.7% and 5.6%, respectively. The good news is that companies have gotten a lot better at protecting payment information and password details, with leaks of this type of data down 64% year-on-year.
Most of the time, data breaches are the result of social engineering attacks (17%) or attacks against insecure databases (15%). Misconfigured applications accounted for nearly 2% of all data breaches, but companies expect this category to play a larger role in the future, mostly due to the rise in cloud-managed infrastructure, whose security configuration requires significant expertise.
For Ray, these results are somewhat surprising because insecure databases and social engineering attacks are “easy to mitigate”.
“A database open to the public greatly increases the risk of a breach and, more often than not, is left that way not because of failing security practices but rather because of the complete absence of any security posture whatsoever.”
Imperva says there are six common oversights that lead to data breaches, including lack of multi-factor authentication (MFA), limited visibility into all data warehouses, weak password policies, misconfigured data infrastructure, limited protection for vulnerabilities, and not learning from past mistakes.