Ransomware is the top threat to business data
New research from research organization the SANS Institute reveals that frontline IT professionals consider ransomware to be the top overall threat to data availability.
Insider threats and denial of service are also considered top threats to sensitive data. While the majority of respondents indicate that they escaped actual compromise of sensitive data in the last year, enough respondents did lose data to provide valuable lessons from these events.
Of the respondents, 78 percent report two or more threats occurring in the past 12 month, while 68 percent report the same threat occurring multiple times over that same period. User credentials and privileged accounts represent the most common data types involved in these breaches, underlining the fact that access data is highly prized by attackers. This is because it grants the attackers the same privilege as their victims. They can then use this privilege to escalate and spread their attacks, allowing them to gather more types of sensitive information.
Other key data being targeted in significant breaches includes customer personally identifiable data, selected by 31 percent of respondents, as well as employee data and intellectual property, each chosen by 28 percent.
"I used to consider data sources such as network and personnel directories as items that need to be protected -- although not at the level of 'sensitive' data, such as financial and healthcare records," says Barbara Filkins, SANS analyst program research director and author of the survey report. "Maybe access information needs even greater protection, given that this survey showed that user credentials and privileged accounts represented the most common data types involved in breaches."
While knowing what attackers are looking for is important, understanding how data flows through systems can also help defenders in both detection and remediation of breaches. However, 62 percent of respondents say that identifying all pathways to their sensitive data is a key challenge.
More information on the findings will be released tomorrow (September 6) in a free webcast which you can register for on the SANS website.