Personal details account for almost half of stolen data
Personal employee or customer data accounted for nearly half (45 percent) of all data stolen between July 2021 and June 2022 according to the latest report from Imperva.
Companies' source code and proprietary information accounted for a further 6.7 percent and 5.6 percent respectively. On a more positive note, the research finds that theft of credit card information and password details has dropped by 64 percent compared to 2021.
"It's very encouraging to see such a decline in stolen credit card data and passwords," says Terry Ray, SVP and field CTO at Imperva. "It suggests that more organizations are using basic security tactics such as Multi-factor Authentication (MFA), which makes it much harder for outside cyber attackers to gain the access required to breach data. However, in the long term, PII data is the most valuable to cybercriminals. With enough stolen PII, they can engage in full-on identity theft which is hugely profitable and very difficult to prevent. Credit cards and passwords can be changed the second there is a breach, but when PII is stolen, it can be years before it is weaponized by hackers."
The research also looks at the causes of breaches, with social engineering and unsecured databases as two of the biggest culprits. Misconfigured applications, however, were only responsible for two percent of data breaches.
"A publicly open database dramatically increases the risk of a breach and, all too often, they are left like this not out of a failure of security practices but rather the total absence of any security posture at all," adds Ray.
When it comes to the oversights that enable breaches the report highlights a lack of multi-factor authentication, limited visibility into all data repositories, poor password policies, misconfigured data infrastructures, limited vulnerability protection, and failure to learn from past data breaches.
The full More Lessons Learned from Analyzing 100 Data Breaches report is available from the Imperva site.