Have you ever wondered what the easiest way for hackers to steal your data is? Well, according to the hackers themselves, it’s phishing.

That fact comes from the Bitglass security report Data Games: Security Blind Spots According to Experts, released Tuesday. For the report, Bitglass surveyed 129 White Hat and Black Hat hackers who attended the Black Hat 2017 conference in Las Vegas.

For those unfamiliar, phishing refers to an attack method where attackers send fraudulent emails that look to be from a real company or contact, as a means to attempt to gain the trust of the victim and try to get them to share personal or sensitive information.

SEE: Information security incident reporting policy (Tech Pro Research)

Of those surveyed, 59% said that phishing was the best way to exfiltrate, or steal, this kind of data. The reason cited, according to a press release announcing the report, was that hackers would always be able to exploit errors committed by human users, or to exploit their ignorance.

The second best method, according to 27% of those surveyed, was via malware and ransomware.

Surveyed hackers also noted that password protection, facial recognition, and access controls were the three least effective measures for improving enterprise security. In fact, respondents rated facial recognition as the worst security tool six times more often than fingerprint scanners, which could be bad news for Apple’s iPhone X.

As part of the report, the hackers also identified some often overlooked areas for security in the enterprise. According to the report, the biggest security blind spots were unmanaged devices (61%), out of date applications and programs (55%), mobile devices (36%), data at rest in the cloud (26%), and traditional on-premises security (20%).

“Phishing and malware are threats made all the more potent by cloud adoption and the ease with which employees can share corporate data,” Mike Schuricht, vice president of product

Management for Bitglass, said in the release. “Many security technologies fail to address IT’s largest blind spots–unmanaged devices and anomalous access.”

Want to use this data in your next business presentation? Feel free to copy and paste these top takeaways into your next slideshow.

  • 59% of hackers say phishing is the easiest way to steal sensitive information. – Bitglass, September 2017
  • Password protection, facial recognition, and access controls are the three most ineffective security methods for enterprise data. – Bitglass, September 2017
  • Unmanaged devices, out of date applications and programs, mobile devices, data at rest in the cloud, and traditional on-premises security are the biggest security blind spots in enterprises, according to hackers. – Bitglass, September 2017