By Ziften CEO Charles Leaver
For United States companies, a major cyber attack and the resulting data leakage is looking more like a matter of “when” than “if”, because of the new dangers presented by fragmented endpoint techniques, cloud computing and data-intensive applications. All too frequently, organizations disregard or improperly resolve vulnerabilities that are known to them, and when aging IT assets are not properly protected, cyber criminals begin to take notice.
The number of data breaches taking place is very troubling. A report from the Verizon Risk Team counted 855 substantial breaches in 2011, which led to 174 million records being lost. The stakes are high for companies that handle personally identifiable information (PII): if staff members are not educated on compliance and only inadequate endpoint data protection measures are in place, expensive legal action is likely to follow.
“The probability of a data breach or privacy problem happening in any business has become a virtual certainty,” Jeffrey Vagle, a legal expert writing for Mondaq, stated. He advised that record keepers reassess their approach to network and device security, worker data access controls and the administration of PII. The growing use of cloud services can make preventing data breaches more of a challenge, as these services allow enormous amounts of information to be exchanged at any time. It would take only one event for millions of files to be lost.
Known Vulnerabilities Require Focus
Many IT departments worry constantly about zero-day attacks that will cause a data breach and catch them off guard. As an example, Dirk Smith of Network World discussed an Adobe Acrobat exploit that opened the door for hackers to conduct advanced monitoring. Many IT vulnerabilities arise when software is not patched up to date, and many zero-day threats stem from weak points in legacy code, including a bug in Windows that targeted features first introduced twenty years earlier.
Security professional Jim Kennedy wrote in a Continuity Central post: “Something that I have discovered is that many of the breaches and intrusions which prospered did so by attacking known vulnerabilities that had been determined and had actually been around for many years: not from some sophisticated ‘zero-day’ attack which was unidentified and unknown until only the other day by the security community at large.” “And, much more troubling, social engineering continues to be a most effective way to begin and/or precipitate an attack.”
Cyber criminals now have access to a comprehensive range of pre-packaged malware. These tools can carry out complex network and computer system analytics and then recommend the ideal attack technique. Another risk is a human one: workers who are not trained properly to screen out calls or messages from people who falsely claim to belong to the technical support team of an external security service provider.
It is certainly important to proactively defend against zero-day attacks with robust endpoint protection software, but organizations also need to combine effective training and processes with their software and hardware solutions. While many organizations have a number of security policies in place, there is normally a problem with enforcing them. As a result, risky variations in the movement of data and network traffic, which security personnel should be reviewing, can be neglected and left unaddressed.