Customer and employee data theft accounted for nearly half (45%) of all data stolen between July 2021 and June 2022, according to a new report from Imperva.
Corporate source code and sensitive information accounted for 6.7% and 6.5% of stolen data, respectively.
In what Imperva identified as a positive result, the research found a 64% reduction in stolen credit card and password details compared to 2021.
This data is part of Imperva Threat Research's 12-month analysis and report on trends and threats related to data security, which presents more lessons learned from analyzing 100 data breaches.
Imperva SVP and Field CTO Terry Ray said the decline in stolen credit card and password data indicates adoption of basic security tactics such as multi-factor authentication (MFA).
“But in the long run, PII data is most valuable to cybercriminals. With enough stolen PII, they can engage in complete identity theft, which is very difficult to prevent. Credit cards and passwords can be changed the moment a breach occurs, but if the PII is stolen, it could take years for hackers to weaponize it,” he said.
The report also uncovered the root causes of data breaches, with social engineering (17%) and insecure databases (15%) being the top two culprits. While only 2% of data breaches occur due to misconfigured applications, Imperva says enterprises should expect this number to rise in the future, especially for cloud-managed infrastructure, where configuring security requires considerable expertise.
“It is very concerning that one-third (32%) of data breaches are due to unsecured databases and social engineering attacks, both of which are easily mitigated,” Ray said. “Public databases dramatically increase the risk of compromise. In many cases, they remain this way not because of failed security practices, but because of a total lack of security posture.”
The company also identified four new profiles for the main types of attackers.
- Hit and Run Attacker – These attackers identify an opportunity (a vulnerability, a publicly available database, or whatever else), do what they can and leave. They do not search other databases, infiltrate an organization’s network, or try to perform exotic exploits. They only take what they can get easily and sell it to the highest bidder. Organizations make it easy for hit-and-run attackers to steal data by failing to reduce visibility into the operations and workloads of public-facing services in the cloud.
- Curious Attacker – These attackers typically carry out a breach with a purpose, such as deploying malware or exfiltrating data, and, while still executing their original plan, look to find out what else they can steal. They have enough interest in …
- Resident Attacker – The most dangerous type, this cybercriminal infiltrates a network and remains there for months or years without the organization’s knowledge. They often use methods like keyloggers and sniffers to steal credentials and compromise databases.
- Inside Attacker – This is the most common profile leading to attacks. It can be triggered by employees accidentally leaving data open or by malicious means, and the motive is usually money with a distaste for the company.