A Utah Department of Motor Vehicle employee shows a sample of a digital driver's license on a mobile phone. (Photo by George Frey/Getty Images)A recently released study that analyzed the top 100 breaches from July 2021 to July 2022 showed that hackers went after personally identifiable information 42.7% of the time.Out of all of the types of data available for cybercriminals to steal — credit card info, passwords, source code, etc. — the authors of the Imperva study said that PII is the most valuable since criminals can compile more PII from the dark web to then engage in harder to prevent fraud or full-on identity theft.For the analysis, Imperva looked at publicly available sources from the web, breach reports, hackers’ forums, analysis of stolen database dumps and information from Imperva’s own honeypots.
What they found was that 27.1% of data breaches were caused by hackers. But Imperva researchers said what struck them most was that the two reasons that tied for second when it comes to root causes — unsecured databases and social engineering at 14.6% — are fairly straightforward to mitigate: “A publicly open service increases the risk of a breach to happen, but in most cases, this is not a failure of security practices; it is rather a complete absence of a security posture,” they wrote.Ransomware followed as the fourth most common cause of a breach at 10.4%, and third parties caused 7.2% of breaches.Finance, professional services, healthcare and public administration were the top four industries that recorded the most breaches during the analysis.
An In-Depth Guide to Cloud Security
Get essential knowledge and practical strategies to fortify your cloud security.
Stephen Weigand is managing editor and production manager for SC Media. He has worked for news media in Washington, D.C., covering military and defense issues, as well as federal IT. He is based in the Seattle area.
Hackread reports that the nascent SatanLock ransomware gang, which has immediately gained prominence after compromising 67 organizations weeks after its emergence in early April, has decided to expose data pilfered from all its victims as it announced the imminent cessation of its operations.
Reuters reports that leading South Korean telecommunications provider SK Telecom has been ordered by the country's Ministry of Science and ICT to pay an almost $22,000 fine and implement security measures every quarter following a cyberattack disclosed in April that compromised 26.96 million universal subscriber identity module cards.
Online applicant tracking platform TalentHook had almost 26 million files, most of which are CVs belonging to U.S. job seekers, accidentally leaked by an unsecured Azure Blob storage container, according to Cybernews.