Intelligent CISO Issue 59 | Page 57

Customer and employee details account for nearly half of all stolen data

mperva , a cybersecurity leader

I whose mission is to help organisations protect their data and all paths to it , has released More Lessons Learned from Analyzing 100 Data Breaches report , a 12-month analysis by Imperva Threat Research of the trends and threats related to data security .

The report finds that personal employee or customer data accounted for nearly half ( 45 %) of all data stolen between July 2021 and June 2022 , while companies ’ source code and proprietary information accounted for a further 6.7 % and 5.6 % respectively . More positively , the research found that theft of credit card information and password details dropped by 64 % compared to 2021 .
“ It ’ s very encouraging to see such a decline in stolen credit card data and passwords ,” said Terry Ray , SVP and Field CTO at Imperva . “ It suggests that more organisations are using basic security tactics such as Multi-Factor
Authentication ( MFA ), which makes it much harder for outside cyberattackers to gain the access required to breach data .
“ However , in the long term , PII data is the most valuable to cybercriminals ,” said Ray . “ With enough stolen PII , they can engage in full-on identity theft which is hugely profitable and very difficult to prevent . Credit cards and passwords can be changed the second there is a breach , but when PII is stolen , it can be years before it is weaponised by hackers .”
The research also reveals the root causes of data breaches , with social engineering ( 17 %) and unsecured databases ( 15 %) as two of the biggest culprits . Misconfigured applications were only responsible for 2 % of data breaches , but businesses should expect this figure to rise in the near future , particularly with cloud-managed infrastructure where configuring for security requires significant expertise .
“ It ’ s really concerning that a third ( 32 %) of data breaches are down to unsecured databases and social engineering attacks , since they ’ re both straightforward to mitigate ,” said Ray . “ A publicly open database dramatically increases the risk of a breach and , all too often , they are left like this not out of a failure of security practices but rather the total absence of any security posture at all .”
Imperva Threat Research also identified some of the most common oversights that enable data breaches :
1 . Lack of Multi-Factor Authentication ( MFA ) – There is no good reason why organisations shouldn ’ t be using MFA as it makes it far harder for an attacker to successfully use stolen credentials to access sensitive information .
2 . Limited visibility into all data repositories – Businesses need a single dashboard solution that can provide insight on a broad range of data security capabilities , including data discovery and classification , monitoring , access control , risk analytics , compliance management , security automation , threat detection and audit reporting .
3 . Poor password policies – Every company should be doing regular employee training sessions on the importance of not duplicating passwords or sharing them with colleagues , partners or vendors .
4 . Misconfigured data infrastructures – Each cloud-managed infrastructure is unique and requires a specific skillset to manage properly . Visibility over all cloud-managed data repositories through a single dashboard eliminates the need to maintain configurations for data visibility . u
intelligent DATA SECURITY
www . intelligentciso . com
57