[BreachExchange] Six steps to avoid becoming a data breach statistic

Inga Goddijn inga at riskbasedsecurity.com
Wed May 25 19:11:31 EDT 2016


http://www.information-age.com/technology/security/123461499/six-steps-avoid-becoming-data-breach-statistic

In the first half of 2015, 246 million records were breached globally and
82% were classed as mega-breaches, because of the numbers of records
hacked. Often, the first an organisation knows of their systems being
compromised is when an external party tells them.

Even where this isn’t the case, data breach notification obligations mean
businesses can’t always remain silent about a breach while they deal with
the fallout. As a result, rarely a month goes by without a news story on a
high profile data breach emerging.

Whether from malicious hackers, an insider job or employee errors, there
are a number of proactive steps organisations can take to mitigate the risk
and avoid becoming one of this year’s data breach statistics.

*Address authentication*

Stolen credentials are a prime entry point to systems for hackers.
Introducing Identity and Access Management (IAM) technology means that
regardless of how a network and its data are being accessed, they are accessed
securely through correct identity mapping, correct access assignments and
robust authentication flows.

Enterprise IAM solutions can even provide real-time, continuous risk
analysis on users, detailing who has access to what, who has access to
privileged resources, their activity and summarising their behaviour and
access rights with a risk score per user.

*Enhance security around applications*

Building on this, one of the best practices for securing data is extending
security around applications by using multi-factor authentication -
providing several separate items of evidence to be authenticated - right
across systems.

This can mean, for example, proving identity through possession of a
hardware token in addition to the user’s password. Multi-factor
authentication should particularly be used for granting access to
privileged users.

*Limit access to systems and applications and apply fine grained controls*

However, the fact that someone has established his or her identity as an
employee should not result in unfettered access. It’s important to work on
the principle of least privilege here to ensure employees only have access
to the services they really need.

Should everyone have root access to a server? Should everyone have access to
every system? By routing access through a single point, role-based access can
be used to limit who has the right to use which systems and applications. In
general, businesses need to be more rigorous about who has access to what.

Finally, businesses should consider provisioning and de-provisioning
systems to help with automating new hire enrolment and performing necessary
clean up tasks when employees leave. No one wants a disgruntled employee
using their old account to hack into the company network.

*Test, monitor and learn on a daily basis*

The most common ways for a hacker to get into a company’s network are
exploiting system vulnerabilities, default passwords, SQL injection and
targeted malware attacks, and these need to be continually monitored for.

Constantly testing how robust systems and services are, running phishing
exercises and probing for weak points and possible points of entry should form
part of the IT team’s daily tasks. Monitoring and auditing are useful not only
in ‘after the fact’ analysis of how the business was breached but also as an
upfront, real-time proactive measure to help an organisation avoid breaches
in the first place.

IT systems provide a plethora of data every day that can be analysed and
used to mitigate breaches before they happen. This should include regular
checks on control systems such as password settings, firewall
configuration, public facing server configuration and open ports, reducing
opportunities for exposure.

Any public facing SSH servers that are vital for business operations should
be locked behind firewalls just like other public facing systems with root
access disabled. Any server with port 22 open will likely be bombarded by
brute force password attempts from XOR.DDoS botnets and so an IP
restriction policy needs to be imposed or the server placed behind an SSH
gateway that can monitor and protect access to the critical servers behind.
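The regular configuration checks and the SSH hardening points above (root login disabled, brute-force resistance, restricted access) can be audited mechanically. The following POSIX-shell audit is an added example, not code from the article; it assumes standard OpenSSH `sshd_config` directive names and the two sample configs are constructed for illustration.

```shell
# Added example, not from the article: audit an sshd_config for the settings
# the article calls out (root login, password brute force, who may log in).
# Assumes standard OpenSSH directive names; reads only the global section of
# the file (everything before the first "Match" block).
# Effective global value of a directive. OpenSSH honours the first uncommented
# occurrence, so stop at the first hit or at the first Match block.
sshd_get() {
    awk -v key="$2" '
        tolower($1) == "match"      { exit }
        tolower($1) == tolower(key) { print $2; exit }' "$1"
}
# Print one finding per line; exit status is 1 if any weak setting is present.
audit_sshd() {
    cfg="$1"; findings=0
    if [ "$(sshd_get "$cfg" PermitRootLogin)" != "no" ]; then
        echo "WEAK  PermitRootLogin is not 'no': root can log in over the network"
        findings=$((findings + 1))
    fi
    if [ "$(sshd_get "$cfg" PasswordAuthentication)" != "no" ]; then
        echo "WEAK  PasswordAuthentication is not 'no': passwords can be brute-forced"
        findings=$((findings + 1))
    fi
    if [ -z "$(sshd_get "$cfg" AllowUsers)$(sshd_get "$cfg" AllowGroups)" ]; then
        echo "WEAK  no AllowUsers/AllowGroups: every local account is a login target"
        findings=$((findings + 1))
    fi
    if [ "$findings" -eq 0 ]; then echo "OK    $cfg passes all checks"; fi
    [ "$findings" -eq 0 ]
}

WORK=$(mktemp -d)
WEAK_CFG="$WORK/sshd_config.weak"        # constructed: stock-style config
HARD_CFG="$WORK/sshd_config.hardened"    # constructed: what the article asks for
cat > "$WEAK_CFG" <<'EOF'
Port 22
PermitRootLogin yes
PasswordAuthentication yes
EOF
cat > "$HARD_CFG" <<'EOF'
Port 22
PermitRootLogin no
PasswordAuthentication no
AllowGroups ssh-admins
Match Address 10.0.0.0/8
    PasswordAuthentication yes
EOF

audit_sshd "$WEAK_CFG" || true   # three WEAK findings
audit_sshd "$HARD_CFG" || true   # OK
```

The hardened sample shows the source-address restriction the article asks for expressed as an OpenSSH `Match Address` block; the network-level firewall rule in front of the host is a separate control and is not checked here.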

If the worst does happen, data leak prevention software can help even once
a hacker is in, by preventing, blocking and alerting on access to sensitive data.

*Password management and self service*

Password management and self-service solutions can also be part of an
organisation’s security arsenal and help mitigate against data breaches.

Access to the network may be well locked down, with applications secured
behind firewalls and DMZs or a perimeter network, and authentication and IAM
in place, but one element that can be lacking is security from the end user’s
perspective in the form of a password policy and password management.

Passwords are so commonplace that people can become complacent with their
use. Reused, simple, low-entropy passwords widen the range of attack
vectors.

Password self-service solutions can help combat identity theft, account
hacking, data theft and improve security practices of end users by
introducing strong password policies with the ability for a user to
self-reset should they forget.

Hackers rely heavily on mining information from social networking sites, so
employees should avoid using the same passwords on social sites as they do
on accessing company resources.

*Create a security-aware culture*

There is one final element that is less to do with systems, authentication
and access, but can make a huge difference to how successfully an
organisation can stand up to a potential hack - culture. Best practice in
network, systems and data security needs to be enshrined in a strong and
well communicated security policy.

It needs to be embedded with a company’s culture, rigorously monitored and
taken seriously at every level - from the CEO down.

Key protocols here include having unified data protection policies that
cross the entire organisation, and a consistent policy across all servers,
networks, computers, devices to help reduce risk.

A prevention and response plan needs to be constantly updated, outlining
critical actions in the event of a breach, for example locking and moving
sensitive information.

While reports of data breaches might appear to be getting more frequent
and the hackers ever more sophisticated, the reality is that most data
breaches are low level in their complexity and are often the result of
simple employee error.

Following these steps and employing security best practices throughout the
organisation covering everything from office security to password,
authentication and access policies will go a long way to reducing the
chances of a breach.