Company data: What vulnerabilities?
What is the biggest vulnerability to monetarily important corporate data? The answer of the participants of a security conference is: 1. unmanaged devices, 2. not up-to-date systems and 3. mobile devices.
The data security specialist Bitglass conducted a survey of 129 participants at the "Black Hat" security conference in Las Vegas this summer. It revealed the high value of data in the digital age: 82.8% of respondents said that data is a target of cyberattacks due to its monetary value. Furthermore, the survey participants provided an overview of attack strategies and the effectiveness of known security measures:
Vulnerabilities: Unmanaged devices/BYOD in first place
As indicated by survey respondents, unmanaged devices (61.2%), such as those used in the context of BYODand out-of-date systems (55%) pose the greatest threat to data security. Furthermore, mobile devices (36.4%), cloud storage locations (26.4%) and traditional local security measures (20.9%) are cited as particularly vulnerable.
Security measures: Password protection and facial recognition critical
Securing documents using passwords is rated as the least effective measure (33.3%) by the "black hats". Second place goes to facial recognition technology (19.4%), followed by access restrictions (15.5%).
Attack strategies: phishing, the most successful method
The survey participants see phishing (58.9%) as the most efficient method for data theft by a wide margin. Attacks by means of malware and ransomware are only in second place (26.4%). Device theft (6.2 %), wifi spoofing (4.7%) and other strategies such as social engineering, data theft by employees and exploiting weak AWS rules (3.9%) are far less important.
Commenting on the findings, Rich Campagna, Chief Executive Officer of Bitglass, said, "Organizations are struggling to address the proliferation of BYOD with their security measures. They need to ensure that employees can securely access data from any device, including unmanaged mobile devices. The ability to monitor data, its location and access is critical to preventing data loss and hacking attacks. The fact that phishing was cited as the number one method for data theft is particularly troubling given the challenges associated with BYOD security. Low visibility regarding unmanaged devices can make it difficult for organizations to identify and respond to phishing and malware."
All survey results at a glance
What is the biggest vulnerability for enterprise data?
- Non-managed devices (61.2%)
- Non-current systems (55%)
- Mobile devices (36.4%)
- Data at rest in the cloud (26.4%)
- Traditional local security (20.9%)
- Other (1,55%)
What do you think is the least effective security tool?
1. password protected documents (33.3%)
2. face detection (19.4%)
3. access restrictions (15.5%)
4. network firewalls (11.6%)
5. mobile device management (MDM) (11.6%)
6. other (5.4%)
7. fingerprints (3.1%)
Which data theft method do you think is most effective?
1. phishing (58.9%)
2. malware/ransomware/spyware (26.4%)
3. device theft (6.2%)
4. WLAN spoofing (4.7%)
5. other (3.9 %)*
* "Other" includes user manipulation (social engineering), employee theft, and exploitation of weak AWS rules.
Why is data so often the target of cyber attacks?
1. monetary value (82.8%)
2. personal confirmation (7%)
3. moral reasons (6.3%)
4. entertainment (3.9%)
Source: Touchdown PR
