Thanks to Salim Hafid, Product Manager at Bitglass, for sharing his insights on Bitglass' Data Games: Security Blind Spots According to Experts. The report features survey insights from 129 White Hat and Black Hat hackers who attended the Black Hat 2017 national cybersecurity conference.
Fifty-nine percent of respondents identified phishing as the best data exfiltration strategy, as human error and ignorance will always be exploitable. Understandably, and in line with recent cyber attacks, malware and ransomware ranked second, at nearly 27 percent. Hackers also pointed out the three least effective enterprise security measures: password protection, facial recognition, and access controls.
“Phishing and malware are threats made all the more potent by cloud adoption and the ease with which employees can share corporate data,” said Mike Schuricht, VP Product Management, Bitglass. “Many security technologies fail to address IT’s largest blind spots - unmanaged devices (e.g., cell phones, personal laptops, and tablets) and anomalous access.”
The top five data security blind spots are unmanaged devices (61 percent), not-up-to-date systems, applications and programs (55 percent), mobile devices (36 percent), data at rest in the cloud (26 percent), and traditional on-premises security (20 percent).
Password-protected documents (33 percent) were ranked as the least effective security tool, followed by facial recognition (19 percent).
Facial recognition was rated as the worst tool six times more often than fingerprint authentication - an interesting insight in light of the new iPhone’s shift to face-recognition security. However, Salim felt that facial recognition's poor rating was more a function of the inferior products already on the market than of the new iPhone.
Almost 60 percent of respondents ranked phishing as the number one method of data exfiltration, followed by malware and ransomware (27 percent).
More than three-quarters (83 percent) of respondents believe that hackers are motivated by the monetary value of stolen data, with ego and entertainment value playing only a small role.