Black Hat, White Hat hackers agree: Phishing is best way to steal data
Cybersecurity firm Bitglass surveyed 129 White Hat and Black Hat hackers who attended the Black Hat 2017 national cybersecurity conference to find out, for the benefit of businesses, including healthcare organizations, what hackers say are the easiest ways into an organization. And the firm got an earful.
Fifty-nine percent of respondents identified phishing as the best data exfiltration strategy, as human error and ignorance will always be exploitable, according to the Bitglass report entitled “Data Games: Security Blind Spots According to Experts.”
Right in line with recent cyberattacks, malware and ransomware ranked second, at 27 percent, the report found.
Hackers also named what they consider the three least effective enterprise security measures: password protection, facial recognition and access controls.
“Phishing and malware are threats made all the more potent by cloud adoption and the ease with which employees can share corporate data,” said Mike Schuricht, vice president of product management at Bitglass. “Many security technologies fail to address IT’s largest blind spots – unmanaged devices and anomalous access.”
The Black Hat/White Hat report also found that the top five data security blind spots are unmanaged devices (61 percent), systems/applications/programs not up to date (55 percent), mobile devices (36 percent), data at rest in the cloud (26 percent), and traditional on-premises security (20 percent). Further, it found that password-protected documents (33 percent) were ranked as the least effective security tool, followed by facial recognition (19 percent).
Facial recognition was rated as the worst tool six times more often than fingerprint authentication, which is intriguing in light of the new iPhone’s shift to facial recognition security. And 83 percent of respondents believe that hackers are motivated by the monetary value of stolen data, with ego and entertainment value playing only a small role, the report said.
Twitter: @SiwickiHealthIT
Email the writer: bill.siwicki@himssmedia.com