Ransomware, insider threats, and denial of service are the top three threats organisations face when it comes to securing personal data.
That is according to a new report from the SANS Institute, which reveals that 78% of businesses have encountered two or more threats to their data in the last year, while 12% have actually suffered a breach.
Of those victims, 43% encountered extraction of sensitive data through encrypted channels, with user credentials and privileged information, known as access data, the most prized by hackers.
“This shows how highly attackers prize access data,” Sean Tierney, director of threat intelligence at Inflobox, which co-sponsored the research, said.
“It is proving more desirable to them than sensitive data being targeted for financial gain or destruction because it opens the door to significantly more exploitation opportunities.”
The research involved a survey of 250 IT and security administrators, engineers, IT managers, developers, and privacy experts, finding that 59% of the respondents are using manual processes to identify sensitive assets.
“Those still relying solely on manual processes are doing themselves a disservice by opening up their networks and customer data to highly automated, targeted attacks,” Tierney added.
Some 41% of the respondents said the most frequent underlying cause for breaches of sensitive data to be hacking or malware-related attacks, with 37% indicating insider compromise.
When it comes to protection, 31% reported a lack of staffing and resources as the biggest obstacle to keeping data secure.
In addition, it was found that 58% do not utilize DNS-based prevention/detection techniques, or are unaware if they do, while only 19% perform weekly scans of their DNS infrastructure, and just 9% do it continuously.
“In order to counter the chances of compromise, organisations must know how data should flow, and design an in-depth defense strategy to secure assets like user IDs, credentials, roles and directories,” Tierney continued.
“Automating network processes helps uncover sensitive data in previously unknown areas of the network, and it frees up time for IT admins to perform more important, high-level tasks.”
An increasing reliance on data and IT systems has seen cyber incidents shoot to the top of the most pressing risks facing businesses worldwide, research by Allianz has uncovered.
17 January 2020
The majority of risk managers worldwide cannot adequately assess the threats posed by new technologies, research by Accenture has found.
10 December 2019
Financial institutions will save $7bn (£5.43bn) by 2024 thanks to blockchain technology and the automation of customer checks, a market research firm has predicted.
05 November 2019
Why InsurTech? A Pressured Insurance Value Chain
By Andrew Sagon, Andrew Johnston and Matthew Wong
InsurTech is a burgeoning phenomenon that is modernising the insurance industry. It is disrupting the traditional value chain whereby insurers offer loss protection, and shifting the emphasis to risk mitigation. Incumbents face disintermediation as investors in search of higher yields pour money into insurance-linked instruments in the capital markets. And entrepreneurial businesses are targeting friction costs and inefficiencies within every aspect of the traditional value chain.
Nimbleness and agility will unlock potential
By Elinor Friedman, Andrew Harley and Klayton Southwood
Recent Willis Towers Watson surveys in the U.S. have shown that P&C and life insurers in developed markets are taking seriously the potential of big data and predictive analytics to improve their businesses. Nimbleness and agility, rather than brute force, are likely to be key to realizing that potential.
Driven by technology, toolkits and talent
By Claudine Modlin and Graham Wright
Advanced analytics is helping some insurers offer innovative products and solutions. What do insurers need to know about the changing nature of analytics and whether it is worth the investment? Claudine Modlin and Graham Wright discuss technology, toolkits and talent — topics that may help you decide.
Risk transfer is part of a comprehensive solution
By Adeola Adele, Patrick Kulesa, Kevin Madigan and Alice Underwood
Given the dynamic nature of cyber-risk, taking a multidimensional approach that integrates board governance, technology solutions, behavioral change and risk transfer solutions can help reduce risk to a manageable level.