A Boston Globe article caught my eye. Although it’s not news to me (or probably you), here is more than anecdotal evidence that many medium and small businesses are still not making inroads into security issues.
The article reports on a study performed by Verizon Communications analyzing 500 data breaches since 2004, with a total of over 230 million compromised records. Also included are five of the biggest breaches ever reported.
In 63% of cases, at least two months went by before the breach was discovered. In 70 per cent of cases, a third party discovered the breach and contacted the organization. That’s seventy percent of hacked businesses that did not know they had been broken into.
It’s a report that is well worth reading, unlike many vendor-based papers, and it provides some deeply interesting points to consider. I’ve added my conclusions in bold face:
“# Most data breaches investigated were caused by external sources. Thirty-nine percent of breaches were attributed to business partners, a number that rose five-fold during the course of the period studied.”
Segment and monitor your vendor and third-party access points.
“# Most breaches resulted from a combination of events rather than a single action. Sixty-two percent of breaches were attributed to significant internal errors that either directly or indirectly contributed to a breach.”
Control and monitor user access rights.
“# Of those breaches caused by hacking, 39 percent were aimed at the application or software layer. Attacks to the application, software and services layer were much more commonplace than operating system platform exploits, which made up 23 percent.”
Ensure the vendors of the software your company purchases make security a strong part of their SDLC (Software Development Life Cycle) and are committed to testing and reporting/fixing OS patches in a timely manner.
“# Fewer than 25 percent of attacks took advantage of a known or unknown vulnerability. Significantly, 90 percent of known vulnerabilities exploited had patches available for at least six months prior to the breach.”
(BIG no-brainer) Patch your servers quickly, especially those facing the Internet and database servers.
“# Only 18 percent of breaches were attributed to insiders (although when the culprit was an insider, the consequences of the breach were generally greater, exceeding the size of external breaches by ten to one)… In the case of insider attacks, IT administrators were by far the biggest culprits, accounting for 50 percent of attacks.”
Monitor your users with administrative access. Insiders still carry the highest risk.