Data risk surveyed


User credentials and privileged accounts are the most common data types involved in significant data breaches, according to the results of a survey by the cyber and info-security training body SANS Institute.

The ‘Sensitive Data at Risk: The SANS 2017 Data Protection Survey’ questioned IT and security administrators, engineers, developers, privacy managers and managers generally, across a variety of industries. Respondents considered ransomware the top overall threat to data availability, based on occurrences in the past 12 months.

Insider threats and denial of service are also considered top threats to sensitive data. While the majority of respondents indicated that they escaped actual compromise of sensitive data, enough respondents did lose sensitive data to provide valuable lessons from these events. Of the respondents, 78pc reported two or more threats occurring in the past 12 months; 68pc reported the same threat occurring multiple times over that same period.

User credentials and privileged accounts represented the most common data types involved in these breaches, highlighting the fact that access data is prized by attackers. Access information is most sought after because it grants the attackers the same privilege as their victims. They often use this privilege to escalate and spread their attacks, allowing them to gather more types of sensitive information. Other key data being targeted in significant breaches includes customer personally identifiable data, selected by 31pc of respondents, and employee data and intellectual property, each chosen by 28pc.

Barbara Filkins, SANS Analyst Program Research Director, was author of the survey report. She said: “I used to consider data sources such as network and personnel directories as items that need to be protected — although not at the level of ‘sensitive’ data, such as financial and healthcare records. Maybe access information needs even greater protection, given that this survey showed that user credentials and privileged accounts represented the most common data types involved in breaches.”

Knowing what the attackers are looking for is half the battle, the survey suggests. Understanding how data flows through systems, which is done by less than 4pc of the survey sample, is an example of a step defenders can use to aid in detection and remediation of breaches. Yet 62pc indicate that identifying all pathways to their sensitive data is a key challenge.

Filkins adds: “Drawing data maps and flows may not be perfect, but the process illustrates a key starting point. A picture — or in this case a map — is worth a thousand words in understanding where to start protecting data.”


Ajay Uggirala, director at Imperva, a cyber security product company, said: “It is no wonder that ransomware, insider threats and denial of service attacks are viewed as one of the most dangerous threats. Insider threats present a particularly serious issue because the perpetrators (wittingly or unwittingly) are already inside a network. As we’ve seen in past high-profile cases, data breaches caused by careless, malicious or compromised insiders are real and serious.

“Because the problem begins with users that have legitimate access to enterprise data, attacks from the inside can be present for long periods of time before finally being detected. What’s more, costs associated with loss of data can run in the millions and lead to customer loss, brand damage and stock price decline. Ransomware is equally as damaging, as once a web application is compromised it is easy to plant ransomware to restrict access to the data that application is serving. It is important to protect the application itself by blocking web app attacks and denying account takeover attempts; this can be achieved with security tools such as web application firewalls and fraud prevention systems, as we have seen illustrated by the devastating NotPetya and WannaCry ransomware attacks this year alone.

“DDoS attacks are also increasing sharply, due to their ability to disrupt some security measures and cause fatigue to the people in charge of the attack mitigation, forcing them to stay alert even in the quiet time between the attacks. In the first quarter of this year, we saw the number of such repeat assaults reaching an all-time-high, with over 74 percent of DDoS targets attacked at least twice in the span of that quarter. The cybersecurity threat landscape is more crowded than ever, in short.”