User Names, Passwords Top Hacker Targets, Report Concludes
|May 1, 2014|
The use of stolen and/or misused credentials—such as user name/passwords—continues to be the top way for hackers to gain access to information, according to the 2014 Verizon Data Breach Investigations Report. Two out of three breaches exploit weak or stolen passwords, making a case for strong two-factor authentication, the report concluded. The report also found that 47 percent of the intrusions were not discovered "for months" and 68 percent of them were discovered by outsiders, not by the organization or company. “Organizations need to realize no one is immune from a data breach,” said Wade Baker, principal author of the Data Breach Investigations Report series. “Compounding this issue is the fact that it is taking longer to identify compromises within an organization—often weeks or months, while penetrating an organization can take minutes or hours.” The 2014 data breach report analyzed more than 1,300 confirmed data breaches as well as more than 63,000 reported security incidents. The report identified nine main threat patterns:
Specific to the financial services sector, 75 percent of the incidents came from web application attacks, distributed denial of service (DDoS) and card skimming. For the real estate sector, 70 percent of incidents stem from insider misuse, miscellaneous error and theft/loss. The third pillar of ALTA’s ”Title Insurance and Settlement Company Best Practices” provides guidance on how to protect non-public personal information.