According to the results of a new survey to be released by SANS Institute on the 6th September, ransomware is considered the top overall threat to businesses’ data, with user credentials and privileged accounts the most common data types involved in significant breaches.
The ‘Sensitive Data at Risk: The SANS 2017 Data Protection Survey’ questioned IT and security administrators, engineers, managers, developers and privacy experts globally, across a wide variety of industries. These front-line professionals considered ransomware as the top overall threat to data availability, based on occurrences in the past 12 months.
Insider threats and denial of service are also considered top threats to sensitive data. While the majority of respondents indicated that they escaped actual compromise of sensitive data, enough respondents did lose sensitive data to provide valuable lessons from these events. Of the respondents, 78% reported two or more threats occurring in the past 12 months; 68% reported the same threat occurring multiple times over that same period.
User credentials and privileged accounts represented the most common data types involved in these breaches, highlighting the fact that access data is prized by attackers. Access information is most sought after because it grants the attackers the same privilege as their victims. They often use this privilege to escalate and spread their attacks, allowing them to gather more types of sensitive information. Other key data being targeted in significant breaches includes customer personally identifiable data, selected by 31% of respondents, and employee data and intellectual property, each chosen by 28%.
“I used to consider data sources such as network and personnel directories as items that need to be protected—although not at the level of ‘sensitive’ data, such as financial and healthcare records,” says Barbara Filkins, SANS Analyst Program Research Director and author of the survey report. “Maybe access information needs even greater protection, given that this survey showed that user credentials and privileged accounts represented the most common data types involved in breaches.”
Knowing what the attackers are looking for is half the battle. Understanding how data flows through systems, which is done by less than 4% of the survey sample, is an example of a step defenders can use to aid in both detection and remediation of breaches. Yet 62% indicate that identifying all pathways to their sensitive data is a key challenge.
“When defenders know what attackers want most, they know how to prioritise their efforts,” says Benjamin Wright, an expert on the legal aspects of data protection and advisor on this project. “This survey shows how much attackers covet user credentials and privileged accounts.”
“Drawing data maps and flows may not be perfect, but the process illustrates a key starting point,” continues Filkins. “A picture—or in this case a map—is worth a thousand words in understanding where to start protecting data.”
Full results will be shared during a Wednesday, September 6, 2017 webcast at 1 PM EDT, sponsored by Infoblox and McAfee, and hosted by SANS. Register to attend the webcast at www.sans.org/u/vpK
Those who register for the webcast will also receive access to the published results paper developed by SANS Analyst Program Research Director and data protection expert, Barbara Filkins.
