[BreachExchange] Six Steps to Avoid Becoming a Data Breach Statistic

Inga Goddijn inga at riskbasedsecurity.com
Mon Jun 27 23:10:11 EDT 2016


http://finance.yahoo.com/news/six-steps-avoid-becoming-data-080500184.html

US fast food chain Wendy's is the latest organisation to suffer a
significant data breach. As the story unfolds, it's clear the business
seems to have been caught off guard in fully understanding the impact and
extent of the breach. This isn't at all unusual - the first time many
businesses know they've been hacked is when someone from outside the
organisation tells them. But, argues Lee Painter, CEO of Hypersocket
Software, it doesn't have to be this way.

In the first half of 2015, 246 million records were breached globally and
82% were classed as mega breaches because of the numbers of records hacked.
Often, the first an organisation knows of their systems being compromised
is when an external party tells them. Even where this isn't the case, data
breach notification obligations mean businesses can't always remain silent
about a breach while they deal with the fallout.

Whether from malicious hackers, an insider job or employee errors, there
are a number of proactive steps organisations can take to mitigate the risk
and avoid becoming one of this year's data breach statistics.

*1. Address authentication*

Stolen credentials are a prime entry point into systems for hackers.
Introducing Identity and Access Management (IAM) technology means that
regardless of how a network and its data are being accessed, they are
being accessed securely through correct identity mapping, correct access
assignments and robust authentication flows.

Enterprise IAM solutions can even provide real-time, continuous risk
analysis on users, detailing who has access to what, who has access to
privileged resources, their activity and summarising their behaviour and
access rights with a risk score per user.

*2. Enhance security around applications*

One of the best practices for securing data is extending security around
applications by using multi-factor authentication - providing several
separate items of evidence to be authenticated - right across systems. This
can mean, for example, proving identity through possession of a hardware
token in addition to the user's password. Multi-factor authentication
should particularly be used when granting access to privileged users.

*3. Limit access to systems and apply fine grained controls*

The fact that someone has established his or her identity as an employee
should not result in unfettered access. It's important to work on the
principle of least privilege here to ensure employees only have access to
the services they really need. Should everyone have root access to a
server? Should everyone have access to every system? By routing access
through a single point, role-based access can be used to limit who has the
right to use which systems and applications. In general, businesses need
to be more rigorous about who has access to what.
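As an added illustration of this step (not code from the article or from Hypersocket Software), the following Python sketches a single policy decision point with default-deny role-based access, plus the "who has access to what" listing a reviewer would use to trim privileges. The roles, systems and users are constructed for the example.

```python
"""Added example: least-privilege, role-based access enforced at one point.

Not code from the article. ROLE_PERMISSIONS and the users in main() are
constructed for illustration; anything not listed is denied.
"""
from dataclasses import dataclass, field

# Constructed policy: role -> {resource: {allowed actions}}.
ROLE_PERMISSIONS = {
    "developer": {"ci-server": {"read", "deploy"}, "staging-db": {"read"}},
    "dba": {"prod-db": {"read", "write", "admin"},
            "staging-db": {"read", "write", "admin"}},
    "helpdesk": {"hr-portal": {"read"}},
}

PRIVILEGED_ACTIONS = {"admin"}


@dataclass(frozen=True)
class User:
    name: str
    roles: frozenset = field(default_factory=frozenset)


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


def is_allowed(user: User, resource: str, action: str) -> Decision:
    """Single policy decision point: every access request is routed here.

    Default-deny: the request is granted only if at least one of the user's
    roles explicitly grants `action` on `resource`.
    """
    for role in sorted(user.roles):
        actions = ROLE_PERMISSIONS.get(role, {}).get(resource, set())
        if action in actions:
            return Decision(True, f"granted by role '{role}'")
    return Decision(False, "no role grants this action (default deny)")


def access_matrix(users) -> list:
    """'Who has access to what': every (user, role, resource, action) granted.

    Rows that surprise the reviewer are candidates for removing a role.
    """
    rows = []
    for user in users:
        for role in sorted(user.roles):
            for resource, actions in sorted(ROLE_PERMISSIONS.get(role, {}).items()):
                for action in sorted(actions):
                    rows.append((user.name, role, resource, action))
    return rows


def privileged_users(users) -> list:
    """Names of users holding any privileged action, for the periodic review."""
    return sorted({name for name, _, _, action in access_matrix(users)
                   if action in PRIVILEGED_ACTIONS})


def main():
    # Constructed users: a developer, a DBA, and a new starter with no roles yet.
    users = [User("alice", frozenset({"developer"})),
             User("bob", frozenset({"dba"})),
             User("carol")]
    for name, role, resource, action in access_matrix(users):
        print(f"{name:6} {role:10} {resource:12} {action}")
    print("privileged:", privileged_users(users))
    print(is_allowed(users[0], "prod-db", "read"))


if __name__ == "__main__":
    main()
```

Every check goes through `is_allowed`, so the listing produced by `access_matrix` is a faithful picture of what the system will actually permit; keeping the two in one module is what makes the periodic review meaningful.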

*4. Test, monitor and learn on a daily basis*

The most common means for hackers to get into a company's network are
exploiting system vulnerabilities, default passwords, SQL injection and
targeted malware attacks, and these need to be continually monitored for.

Constantly testing how robust systems and services are, and phishing and
probing for weak points and possible points of entry, should form part of
the IT team's daily tasks. IT systems provide a plethora of data every day
that can be analysed and used to mitigate breaches before they happen. This
should include regular checks on control systems such as password settings,
firewall configuration, public-facing server configuration and open ports,
to reduce opportunities for exposure.
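As an added example of the daily configuration checks this step describes (not code from the article), the Python below compares a host's observed state against an approved baseline and reports drift: listening ports that are not on the allow list, and remote-access settings that differ from the expected values. The baseline, the sample listening-socket output (in the shape of `ss -ltn`) and the sample `sshd_config` are constructed inline.

```python
"""Added example: a baseline drift check for open ports and access settings.

Not code from the article. BASELINE, SAMPLE_SS_OUTPUT and SAMPLE_SSHD_CONFIG
are constructed samples; in production the two inputs would be collected
from the host each day.
"""

# Constructed approved baseline for a public-facing web host.
BASELINE = {
    "allowed_ports": {22, 443},
    "settings": {
        "PermitRootLogin": "no",
        "PasswordAuthentication": "no",
        "MaxAuthTries": "4",
    },
}

# Constructed sample in the shape of `ss -ltn` (Linux listening TCP sockets).
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*
LISTEN  0       511     0.0.0.0:443          0.0.0.0:*
LISTEN  0       80      0.0.0.0:3306         0.0.0.0:*
LISTEN  0       128     127.0.0.1:6379       0.0.0.0:*
"""

# Constructed sample in the shape of an sshd_config file.
SAMPLE_SSHD_CONFIG = """\
# sshd_config (constructed sample)
Port 22
PermitRootLogin yes
#PasswordAuthentication no
MaxAuthTries 4
"""

LOOPBACK = ("127.0.0.1", "::1")


def parse_listening_ports(ss_output: str) -> dict:
    """Map port -> bind address for every socket in LISTEN state."""
    ports = {}
    for line in ss_output.splitlines():
        if not line.startswith("LISTEN"):
            continue
        local = line.split()[3]          # e.g. "0.0.0.0:22"
        addr, port = local.rsplit(":", 1)
        ports[int(port)] = addr
    return ports


def parse_settings(config_text: str) -> dict:
    """Key -> value for uncommented 'Key value' lines; comments are ignored,
    so a commented-out setting counts as not set."""
    settings = {}
    for line in config_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        settings[key] = value.strip()
    return settings


def find_drift(ss_output: str, config_text: str, baseline: dict = BASELINE) -> list:
    """Return human-readable findings; an empty list means no drift."""
    findings = []
    for port, addr in sorted(parse_listening_ports(ss_output).items()):
        # Loopback-only listeners are not exposed to the network, so only
        # externally bound ports outside the baseline are reported.
        if port not in baseline["allowed_ports"] and addr not in LOOPBACK:
            findings.append(f"port {port} listening on {addr} is not in the approved baseline")
    observed = parse_settings(config_text)
    for key, expected in baseline["settings"].items():
        actual = observed.get(key)
        if actual is None:
            findings.append(f"{key} not set explicitly (expected {expected})")
        elif actual != expected:
            findings.append(f"{key} is {actual}, expected {expected}")
    return findings


if __name__ == "__main__":
    for finding in find_drift(SAMPLE_SS_OUTPUT, SAMPLE_SSHD_CONFIG):
        print("DRIFT:", finding)
```

Run against the constructed samples it reports the database port exposed on all interfaces, root login enabled, and password authentication left at its default because the line is commented out; the loopback-only listener on 6379 is not reported. The value of the check is in running it daily and diffing the findings, so that new drift stands out from the accepted exceptions.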

*5. Password management and self service*

Access to the network may be well locked down, with applications secured
behind firewalls and DMZs or a perimeter network and authentication and IAM
in place, but one element that can be lacking is security from the end
user's perspective in the form of a password policy and password
management. Passwords are so commonplace that people can become complacent
with their use. Repeated, simple, low-entropy passwords can result in
increased attack vectors. Password self-service solutions can help combat
identity theft, account hacking and data theft, and improve the security
practices of end users, by introducing strong password policies with the
ability for a user to self-reset should they forget.

Hackers rely heavily on mining information from social networking sites, so
employees should avoid using the same passwords on social sites as they do
on accessing company resources.
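As an added example of the password policy this step calls for (not code from the article or from any self-service product), the Python below checks a candidate password for the weaknesses named above: too short or too simple, low estimated entropy, presence on a common-password list, and reuse of a previous password. The thresholds and the small denylist are constructed; a real deployment would use a large breached-password list.

```python
"""Added example: a password policy check covering length, entropy, a
denylist and reuse of earlier passwords.

Not code from the article. MIN_LENGTH, MIN_ENTROPY_BITS and COMMON_PASSWORDS
are constructed values chosen for illustration.
"""
import hashlib
import hmac
import math
import string

MIN_LENGTH = 12
MIN_ENTROPY_BITS = 50.0
# Constructed denylist; use a large breached-password list in practice.
COMMON_PASSWORDS = {"password", "password1", "123456", "qwerty", "welcome1", "letmein"}


def estimate_entropy_bits(password: str) -> float:
    """Upper-bound estimate: length * log2(size of the character classes used).

    This measures search space, not human predictability, which is why it is
    paired with the denylist check rather than used alone.
    """
    pool = 0
    if any(c in string.ascii_lowercase for c in password):
        pool += 26
    if any(c in string.ascii_uppercase for c in password):
        pool += 26
    if any(c in string.digits for c in password):
        pool += 10
    if any(c in string.punctuation for c in password):
        pool += len(string.punctuation)
    ascii_classes = string.ascii_letters + string.digits + string.punctuation
    if any(c not in ascii_classes for c in password):
        pool += 100  # rough allowance for non-ASCII characters
    return len(password) * math.log2(pool) if pool else 0.0


def hash_for_history(password: str, salt: bytes) -> bytes:
    """Salted slow hash so earlier passwords can be compared for reuse
    without the plaintext being stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 200_000)


def check_policy(password: str, history: list, salt: bytes) -> list:
    """Return the policy violations for `password`; an empty list means it is acceptable.

    `history` holds hash_for_history() digests of the user's previous passwords.
    """
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("appears on the common-password denylist")
    if password and len(set(password)) <= 2:
        problems.append("uses only one or two distinct characters")
    bits = estimate_entropy_bits(password)
    if bits < MIN_ENTROPY_BITS:
        problems.append(f"estimated entropy {bits:.0f} bits is below {MIN_ENTROPY_BITS:.0f}")
    candidate = hash_for_history(password, salt)
    if any(hmac.compare_digest(candidate, old) for old in history):
        problems.append("reuses a previous password")
    return problems


if __name__ == "__main__":
    salt = b"constructed-per-user-salt"
    history = [hash_for_history("Correct-Horse-Battery-9", salt)]
    for candidate in ["password", "aaaaaaaaaaaa", "Correct-Horse-Battery-9", "Mail-Bluebird-Orbit-42"]:
        print(f"{candidate!r}: {check_policy(candidate, history, salt) or 'ok'}")
```

The reuse check is what addresses the "repeated" passwords the text warns about: the history stores only salted PBKDF2 digests, compared with a constant-time function, so previous passwords are never kept in clear. Password reuse across unrelated sites, as in the social-networking point above, cannot be detected this way and is a matter for user guidance.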

*6. Create a security aware culture*

Best practice in network, systems and data security needs to be enshrined
in a strong and well communicated security policy. It should be embedded
with a company's culture, rigorously monitored and taken seriously at every
level - from the CEO down.

Key protocols here include having unified data protection policies that
span the entire organisation, and a consistent policy across all servers,
networks, computers and devices to help reduce risk.

Data breaches might appear to be getting more frequent and the hackers
more sophisticated. In reality most data breaches are low level in their
complexity and are often the result of simple employee error. Following
these steps and employing security best practices throughout the
organisation will go a long way to reducing the chances of a breach.