/ciol/media/agency_attachments/c0E28gS06GM3VmrXNw5G.png)
Follow UsBASKING RIDGE, USA: The 2010 Verizon Data Breach Investigations Report, based on a first-of-its kind collaboration with the U.S. Secret Service, has found that breaches of electronic records last year involved more insider threats, greater use of social engineering and the continued strong involvement of organized criminal groups.
Also read: Security Trends 2010
The 2010 study once again shows that simple actions, when done diligently and continually, can reap big benefits. These actions include:
· Restrict and monitor privileged users. The data from the Secret Service, showed that there were more insider breaches than ever before. Insiders, especially highly privileged ones, can be difficult to control. The best strategies are to trust but verify by using pre-employment screening; limit user privileges; and employ separation of duties. Privileged use should be logged and messages detailing activity generated to management.
Also read: India needs to step up cyber offensive
· Watch for ‘Minor’ Policy Violations. The study finds a correlation between seemingly minor policy violations and more serious abuse. This suggests that organizations should be wary of and adequately respond to all violations of an organization’s policies. Based on case data, the presence of illegal content on user systems or other inappropriate behavior is a reasonable indicator of a future breach. Actively searching for such indicators may prove even more effective.
· Implement Measures to Thwart Stolen Credentials. Keeping credential-capturing malware off systems is priority No. 1. Consider two-factor authentication where appropriate. If possible, implement time-of-use rules, IP blacklisting and restricting administrative connections.
· Monitor and Filter Outbound Traffic. At some point during the sequence of events in many breaches, something (data, communications, connections) goes out externally via an organization’s network that, if prevented, could break the chain and stop the breach. By monitoring, understanding and controlling outbound traffic, an organization can greatly increase its chances of mitigating malicious activity.
· Change Your Approach to Event Monitoring and Log Analysis. Almost all victims have evidence of the breach in their logs. It doesn’t take much to figure out that something is amiss and make needed changes. Organizations should make time to review more thoroughly batch-processed data and analysis of logs. Make sure there are enough people, adequate tools and sufficient processes in place to recognize and respond to anomalies.
· Share Incident Information. An organization’s ability to fully protect itself is based on the information available to do so. Verizon believes the availability and sharing of information are crucial in the fight against cybercrime. We commend all those organizations that take part in this effort, through such data-sharing programs as the Verizon VERIS Framework.