Customer and Employee Data the Top Prize for Hackers – Imperva


Customer and employee data accounted for almost half (45%) of all data stolen between July 2021 and June 2022, according to a new report from Imperva.

Companies’ source code and proprietary information accounted for 6.7% and 6.5% of stolen data, respectively.

In what Imperva identified as a positive finding, their research found that theft of credit card information and password details dropped by 64% compared to 2021.

The data is part of a 12-month analysis by Imperva Threat Research on the trends and threats related to data security in its report "More Lessons Learned from Analyzing 100 Data Breaches".

Terry Ray, SVP and field CTO at Imperva, said that the decline in stolen credit card and password data pointed to the uptake of basic security tactics like multi-factor authentication (MFA).

“However, in the long term, PII data is the most valuable to cyber-criminals. With enough stolen PII, they can engage in full-on identity theft which is hugely profitable and very difficult to prevent. Credit cards and passwords can be changed the second there is a breach, but when PII is stolen, it can be years before it is weaponized by hackers,” he said.

The research also revealed the root causes of data breaches, with social engineering (17%) and unsecured databases (15%) two of the biggest culprits. Misconfigured applications were only responsible for 2% of data breaches, but Imperva said that businesses should expect this figure to rise in the near future, particularly with cloud-managed infrastructure where configuring for security requires significant expertise.

“It’s really concerning that a third (32%) of data breaches are down to unsecured databases and social engineering attacks, since they’re both straightforward to mitigate,” said Ray. “A publicly open database dramatically increases the risk of a breach and, all too often, they are left like this not out of a failure of security practices but rather the total absence of any security posture at all.”

The company also identified four new profiles for the main types of attackers:

  1. The Hit and Run attacker – This attacker identifies an opportunity (a vulnerability, a publicly open database, or something else), takes what they can, and leaves. This kind of attacker won’t search for other databases, penetrate the organization’s network, or try to execute exotic exploits. They take only what they can get easily, and sell it to the highest bidder. Organizations make it easy for Hit and Run attackers to steal data by failing to reduce visibility of operations and workloads on publicly open services in the cloud.
  2. The Curious attacker – This attacker usually sets out with a purpose, but becomes interested enough to look around at what else they can steal while executing their original plan, whether that is malware deployment, data exfiltration, or something else.
  3. The Resident attacker – The most dangerous type, this cyber-criminal will penetrate a network and stay for months or maybe years, all while the organization remains unaware. They often use methods including keyloggers and sniffers to steal credentials and compromise databases.
  4. The Inside attacker – This is the most prevalent profile that leads to attacks. It arises when employees accidentally leave data exposed, or act maliciously, in which case the motive is usually money accompanied by a dislike for the company.
