Posted by: Tessa Parmenter
Today marks the release of the third annual Verizon data breach investigations report for 2010. Verizon Business believes more should be done in the telecom industry to increase information security awareness. This is one of the reasons why they began conducting data breach surveys back in 2008. What makes this year’s report so different from previous years is that the 2010 survey incorporates statistics from the United States Secret Service, which has given the telecom company 40% more information–covering companies both large and small of nearly every persuation across the globe.
According to the report, almost all data (98%) were breached from servers and applications. For a corporate wide area network (WAN), the risk that an attack will come from an application-specific attack is especially high, since today’s WANs usually traverse the Internet and focus on WAN application delivery.
Verizon researchers noted that theives will assess targets by choosing the most valuable data and weigh it with the cost of an attack. The harder the attacker works, the bigger the score. Your company size does not matter, but your WAN security weaknesses do.
Although last year’s U.S., Korea Internet attacks indicated a rise of sophisticated criminals, the 2010 Verizon data breach investigation found 85% of attacks were considered unadvanced and not difficult. 96% were avoidable through simple or intermediate controls. 86% of all breaches were recorded in log files. The worst part is that not only were data breaches discovered by a third party in most cases, they were usually discovered months after the fact.
“Many victims didn’t have the technology in place to catch attackers” said Wade Baker, one of the 2010 Verizon data breach investigations report authors. Otherwise, it was obvious that many organizations only put security in place to put a check mark on their list. In other words, a company’s data loss prevention technology was not formed to fit a network’s needs.
John Pironti explains that a thorough risk assessment must occur in order to solve network security threats:
“The thing that keeps me awake at night is this conversation about compliance — essentially giving enterprises checklists to go through … which is a paint-by-numbers approach to security, instead of doing security by risk assessment.”
To decrease the chances of an attack, is there anything a WAN manager can do? Below is a list of action items:
- Per the note above, complete a risk assessment before implementing security technology: Many WAN managers do not have evidence-based security. This is one way to get it.
- Restrict and monitor privileged users: Most end users operate as systems admins on their own networks. If we dial this back, we can avoid a situation where credentials are stolen.
- Check your logs: Log analysis reports are not where they should be. In this way, we don’t have the technology in place to properly mitigate an attack, but what we do have, we can at least monitor.
- When you’re making a network, check it twice: The report found that human error is almost always a contributing factor in a breach. Something as simple (and common) as failing to change credentials makes it easy for a hacker or cyber criminal to intercept valuable data across your WAN.