9. Poorly Protected Data
Verizon said only 15 percent of the breaches it analyzed had a complete and reliable count of compromised records. Making up the bulk of the stolen data was payment information and stolen account credentials. System information was also stolen, followed by internal data and intellectual property. Verizon said financially motivated attackers favor payment and personal information; cyberespionage attacks target trade secrets, internal organizational data and system information; and hacktivists seek out personal information and internal organizational data. Account credentials are coveted by all. Payment card data should be encrypted and never stored. Stored account credentials should be hashed and salted, a cryptographic process that makes them difficult to crack.