Blog / News


81% of data leakage incidents result from accounts theft

Account management assigned to non-human elements such as devices and applications is indispensable. Recently, attackers use account information, not malicious code. Malicious code can be blocked by multiple security policies, so attackers are looking for other attack tools than malware and use the most successful user accounts.

According to an analysis by various market research institutes, 81% of data leakage incidents were caused by weak passwords and stolen accounts, 91% of phishing attacks were aimed at user accounts, and 80% of security incidents were from accounts with administrative authority.

Account information can be purchased cheaply in the underground market, and account information previously stolen can be used as is, or a similar combination of letters and numbers can be created and used. CRITICAL STUFFING, which creates a normal user account while inserting into a web service using an automated bot, is also easy to use. Account information can also be found through unmanaged clouds, neglected servers, public emails, and information left on bulletin boards or SNS due to the carelessness of users.

Systems that can log in with only ID/PW are limited, and important information is still not safe even if you think it is safe because it requires additional authentication. There are more important systems that can be accessed without additional authentication than required normally. For convenient remote management of core systems, it is often set up to access with shared ID/PW, and account information of easy combinations of letters and numbers such as admin/1234 is still used.

[Source: Datanet]

Data Masking
18 Apr: Data Masking

Data masking, also known as data obfuscation, hides the actual data using modified content like characters or numbers. The idea behind data masking is creating another version of data that cannot be easily identifiable or reverse engineered, protecting data classified as sensitive.

Leave a comment