infoblox

New Survey Finds Insider Threats and Ransomware Are Most Feared

Organizations Lack Proper Data Exfiltration Prevention

SANTA CLARA, Calif., Sept. 7, 2017 /PRNewswire/ — Infoblox Inc., the network control company that provides Actionable Network Intelligence, today released results of a new study that identifies the top threats, risks and fears related to securing data assets and keeping networks secure. The survey, conducted by SANS and co-sponsored by Infoblox, found that ransomware, insider threats and denial of service are considered the top three threats organizations face when it comes to securing sensitive data.

According to the study, 78 percent of respondents report encountering two or more threats to their data in the past 12 months, while 12 percent actually encountered a breach, with 43 percent of those encountering exfiltration of sensitive data through encrypted channels. User credentials and privileged account information, known as access data, represented the most common data types involved in these breaches, spotlighting the fact that privileged data is prized by attackers — proving more desirable to them than sensitive data being targeted for financial gain or destruction.

This shows how highly attackers prize access data,” said Sean Tierney, Director of Threat Intelligence at Infoblox. “It's proving more desirable to them than sensitive data being targeted for financial gain or destruction because it opens the door to significantly more exploitation opportunities.

The study also found that 59 percent of respondents are using manual processes to identify sensitive assets —ultimately leaving their networks prone to massively automated attacks.

Tierney added: “Those still relying solely on manual processes are doing themselves a disservice by opening up their networks and customer data to highly automated, targeted attacks. In order to counter the chances of compromise, they must know how data should flow and design an in-depth defense strategy to secure assets like user IDs, credentials, roles and directories. Automating network processes helps uncover sensitive data in previously unknown areas of the network. It frees up time for IT admins to perform more important, high-level tasks.”

Other key findings from the “2017 SANS Data Protection Survey” report include:

  • Threats to Data: Overall, 78 percent of respondents have seen two or more different types of threats over the last 12 months, with 68 percent having seen the same threat types multiple times.
  • Data Exfiltration: 48 percent of those who sustained a breach report that the incident resulted in the exfiltration of sensitive data, with the primary transport of the data being an encrypted channel established by malware with a secondary factor being email.     
  • Challenges in Securing Data: When asked what their organization's greatest challenge is when it comes to sensitive data protection, 31 percent of respondents report lack of staffing and resources to be their biggest obstacle.
  • The Cost of Compromise: 41 percent of respondents report the most frequent underlying cause for breaches of sensitive data to be hacking or malware-related attacks, with 37 percent indicating insider compromise.
  • Watch Your DNS: While 42 percent of respondents report conducting scans of their DNS infrastructures, only 19 percent conduct regular scans on at least a weekly basis, with a mere 9 percent scanning continuously. 58 percent of respondents do not utilize DNS-based prevention/detection techniques at all or are unaware whether they do.

View the Webinar

To learn more about the results of this survey and best practices when it comes to securing your sensitive data, join the SANS on demand webinar.

Download Report

Download the “Sensitive Data at Risk Everywhere: The SANS 2017 Data Protection Survey,” which includes recommendations for securing sensitive data.

Methodology
Participants for the study included more than 250 IT and security administrators, engineers, IT managers, developers, and privacy experts.

About Infoblox

Infoblox delivers Actionable Network Intelligence to enterprise, government, and service provider customers around the world. As the industry leader in DNS, DHCP, and IP address management, the category known as DDI, Infoblox (www.infoblox.com) provides control and security from the core—empowering thousands of organizations to increase efficiency and visibility, reduce risk, and improve customer experience.

About SANS Institute

The SANS Institute was established in 1989 as a cooperative research and education organization. SANS is the most trusted and, by far, the largest provider of training and certification to professionals at governments and commercial institutions world-wide. Renowned SANS instructors teach over 50 different courses at more than 200 live cyber security training events as well as online. GIAC, an affiliate of the SANS Institute, validates employee qualifications via 30 hands-on, technical certifications in information security. The SANS Technology Institute, a regionally accredited independent subsidiary, offers master's degrees in cyber security. SANS offers a myriad of free resources to the InfoSec community including consensus projects, research reports, and newsletters; it also operates the Internet's early warning system–the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to help the entire information security community. (www.SANS.org)

CloudBuzz

The latest in curated technology related news collected from many of the leading news distribution, industry research and technology vendor firms on the planet.

Here you will find recent news sources from companies such as Reuters, Marketwired, IDC, Gartner or directly from cloud vendors such as Google, Microsoft or Amazon.

CONTRIBUTORS

How Big Data Can Empower Native Ads

How Big Data Can Empower Native Ads

Empower Native Ads The realm of big data is expanding an astonishing rate, and its presence can be felt across ...
Financial Management Finds a Welcome Home in the Cloud

Financial Management Finds a Welcome Home in the Cloud

Cloud Based Financial Management The most cautious person in any organization is likely to be the CFO. After all, they’re ...
Bryan Doerr

Cyber-Threats and the Need for Secure Industrial Control Systems

Secure Industrial Control Systems (ICS) Industrial Control Systems (ICS) tend to be “out of sight, out of mind.” These systems ...
Battle of the Clouds: Multi-Instance vs. Multi-Tenant Architecture

Battle of the Clouds: Multi-Instance vs. Multi-Tenant Architecture

Multi-Instance vs. Multi-Tenant Architecture  The cloud is part of everything we do. It’s always there backing up our data, pictures, ...
Scale Matters in the Enterprise Cloud

Scale Matters in the Enterprise Cloud

The Enterprise Cloud What used to be an unknown and mysterious term, “the cloud” is now a common and mostly ...
Cloud Services Are Vulnerable Without End-To-End Encryption

Cloud Services Are Vulnerable Without End-To-End Encryption

End-To-End Encryption The growth of cloud services has been one of the most disruptive phenomena of the Internet era.  However, ...
What Futuristic Transportation Will Look Like In Your Lifetime

What Futuristic Transportation Will Look Like In Your Lifetime

Futuristic Transportation Being stuck in traffic or late for work because of a hold up on the dreaded commute could ...
The Rise Of BI Data And How To Use It Effectively

The Rise Of BI Data And How To Use It Effectively

The Rise of BI Data Every few years, a new concept or technological development is introduced that drastically improves the ...
Cyber Security Tips For Digital Collaboration

Cyber Security Tips For Digital Collaboration

Cyber Security Tips October is National Cyber Security Awareness Month – a joint effort by the Department of Homeland Security ...
Two 2017 Trends From A Galaxy Far, Far Away

Two 2017 Trends From A Galaxy Far, Far Away

Reaching For The Stars People who know me know that I’m a huge Star Wars fan. I recently had the ...

NEWS

Deloitte TMT Predictions: Machine Learning Deployments, On-Demand Content and Live Events Will Continue to Drive Growth

Deloitte TMT Predictions: Machine Learning Deployments, On-Demand Content and Live Events Will Continue to Drive Growth

NEW YORK, Dec. 12, 2017 /PRNewswire/ -- Deloitte forecasts double digital growth in machine learning deployments for the enterprise, an increasing worldwide ...
email as a service

Google Data Analysis, Artificial Intelligence and Predicting Vaccine Scares

Social media trends can predict tipping points in vaccine scares Analyzing trends on Twitter and Google can help predict vaccine ...
Hackers shut down infrastructure safety system in attack: FireEye

Hackers shut down infrastructure safety system in attack: FireEye

Hackers shut down infrastructure safety system (Reuters) - Hackers likely working for a nation-state recently penetrated the safety system of ...