For organizations securing sensitive data, ransomware, insider vulnerabilities, and denial of service attacks are their most-feared threats, according to a new report from the SANS and Infoblox.
Ransomware, insider threats, and denial of service are the three biggest threats faced by organizations as they try to secure sensitive data, according to a new study from Infoblox and SANS, released Thursday.
However, these threats and others were not experienced alone. According to firms surveyed for the report, 78% had run into two or more distinct threats against their data in the past year. Additionally, 68% encountered the same threat type more than once.
In that same time frame, 12% dealt with an actual breach, with 43% of those experiencing exfiltration of sensitive data through encrypted channels, the report said. The most commonly targeted data in these attacks was access data, or data that can be used in user credentials and additional account information.
"This shows how highly attackers prize access data," Sean Tierney, director of threat intelligence at Infoblox, said in the release. "It's proving more desirable to them than sensitive data being targeted for financial gain or destruction because it opens the door to significantly more exploitation opportunities."
So, how are organizations identifying these threats? According to the release, 59% rely on manual processes to identify their sensitive assets, which leaves their networks open to automated attacks. To combat this, Tierney said in the release, organizations should come up with a plan for identifying and securing sensitive assets more quickly and efficiently.
"Automating network processes helps uncover sensitive data in previously unknown areas of the network. It frees up time for IT admins to perform more important, high-level tasks," Tierney said in the release.
Still, securing data remains a challenge. Of those surveyed, 31% said that they don't have the proper headcount or resources needed to adequately secure their data.
Some 41% of respondents listed hacking or malware-related attacks as the most common reason for breaches, while 37% said it was insider compromise. Insider threats continue to proliferate, with a recent Bitglass report noting that 74% of businesses feel vulnerable to insider threats.
As part of a response plan, Infoblox recommended regular DNS scans. Some 42% of organizations surveyed conduct scans of their DNS infrastructure, the report said, but only 19% do this on a weekly basis. Additionally, only 9% perform continues scans, and 58% don't use DNS-based prevention/detection techniques at all or, if they do, they aren't aware of it.
The 3 big takeaways for TechRepublic readers
- Ransomware, insider threats, and denial of service attacks are the biggest vulnerabilities facing the sensitive data of enterprise organizations, according to a report from Infoblox and SANS.
- The majority (78%) of those surveyed had experienced more than one type of threat, and 68% experienced the same threat more than once.
- To identify sensitive assets, 59% of respondents rely on manual processes, but should be using more automation, the report said.
- Information Security Management Fundamentals (TechRepublic Academy)
- Ransomware, DDoS now top threats as hackers look for big paydays (ZDNet)
- Ransomware: The smart person's guide (TechRepublic)
- Majority of enterprises admit they are vulnerable to insider threats (ZDNet)
- Ransomware: How to avoid becoming a victim (TechRepublic)