Personal and employee data is a goldmine for hackers, who are now apparently more focused on harvesting this type of data than anything else, new research has found.
An Imperva report analyzing 100 data breach reports published in the last 12 months says that personal data from employees and customers accounted for almost half (45%) of all data stolen last year.
Cybercriminals focus on personal data, says Imperva, because that data can be used for identity theft and similar second-stage attacks. These, says Imperva SVP Terry Ray, can be “extremely lucrative and very hard to avoid.”
Social engineering and insecure databases
“Credit cards and passwords can be changed immediately after a break-in, but once personal information is stolen it can take years for hackers to use it as a weapon,” added Ray.
Although it frequently makes headlines, the theft of source code and proprietary data is not as common, accounting for only 6.7% and 5.6% respectively. The good news is that companies are much better at protecting payment information and password details, as leaks of this type of data have decreased by 64% year-on-year.
In most cases, data breaches are the result of social engineering attacks (17%) or attacks against unsecured databases (15%). Poorly configured applications accounted for around 2% of all data breaches, but companies expect this cause to play a larger role in the future, mainly due to the growth of cloud-managed infrastructure whose security configuration requires significant expertise.
For Ray, these results are a bit surprising because unsecured databases and social engineering attacks are “simple to mitigate.”
“A publicly open database dramatically increases the risk of a breach and all too often it is left that way not because of a failure of security practices but rather a complete lack of any security posture.”
Imperva says the six most common oversights that result in data breaches are: no multi-factor authentication (MFA), limited visibility of all data repositories, bad password policies, misconfigured data infrastructure, limited vulnerability protection, and failure to learn from past mistakes.