Fifty-nine percent of respondents to a Bitglass survey at Black Hat USA 2017 identified phishing as the best data exfiltration strategy, as human error and ignorance will always be exploitable.
Understandably, and in line with recent cyberattacks, malware and ransomware ranked second, at nearly 27 percent.
Least effective enterprise security measures
Hackers also pointed out the three least effective enterprise security measures: password protection, facial recognition and access controls.
“Phishing and malware are threats made all the more potent by cloud adoption and the ease with which employees can share corporate data,” said Mike Schuricht, VP Product Management, Bitglass. “Many security technologies fail to address IT’s largest blind spots – unmanaged devices and anomalous access.”
- The top five data security blind spots are unmanaged devices (61 percent), not-up-to-date systems, applications and programs (55 percent), mobile devices (36 percent), data at rest in the cloud (26 percent), and traditional on-premises security (20 percent)
- Password-protected documents (33 percent) were ranked as the least effective security tool, followed by facial recognition (19 percent)
- Facial recognition was rated as the worst tool six times more often than fingerprint authentication – an interesting insight in light of the new iPhone’s shift to face-recognition security
- Almost 60 percent of respondents ranked phishing as the number one method of data exfiltration, followed by malware and ransomware (27 percent)
- More than three quarters (83 percent) of respondents believe that hackers are motivated by the monetary value of stolen data, with ego and entertainment-value playing only a small role.