28 Jul 2010
The 2010 Verizon Data Breach Investigations report, based partly on information provided by the US Secret Service, has found that data breaches in 2009 involved more insider threats, greater use of social engineering and the continued strong involvement of organised criminal groups.
Stolen credentials were the most common way of gaining unauthorised access to organisations last year, highlighting insufficient security practices for individuals and organisations. Organised criminal groups were responsible for 85 per cent of all stolen data last year, the report said.
It also stated that most breaches could have been avoided if basic security measures had been in place. Only four per cent of breaches required difficult and expensive protective measures.
Matthijs van der Wel, managing principal for the forensics team at Verizon, explained how an organisation can detect breaches.
"You find the breaches in the log files," said van der Wel. "Typically where there's a data breach, the number of log lines in the file increases significantly. Or the log lines themselves get much longer, [showing that] someone is attempting an SQL injection."
An SQL (or "sequel") injection occurs when someone maliciously enters a database command into a web form, for example one that asks the database for a list of usernames and passwords. A poorly written web form passes this input directly to the database, where it is executed.
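The two log signals van der Wel describes (a jump in the number of log lines, and unusually long request lines) can be checked with a short script. This is an added example, not code from the article or from Verizon; it assumes web server logs in Common Log Format, and the thresholds, function names and sample lines are constructed for illustration.

```python
import re
from collections import Counter
from statistics import median

# Common Log Format: ... [day:HH:MM:SS zone] "METHOD path PROTOCOL" status size
LINE_RE = re.compile(r'\[(?P<day>[^:]+):(?P<hour>\d{2}):[^\]]*\] "(?P<request>[^"]*)"')

def parse(lines):
    """Yield (hour_bucket, request_length) for each parseable log line."""
    for line in lines:
        m = LINE_RE.search(line)
        if m:
            yield f"{m['day']}:{m['hour']}", len(m['request'])

def find_anomalies(lines, volume_factor=3.0, length_factor=4.0):
    """Flag hours with far more lines than usual and requests far longer than usual.

    The baseline is the median, which a single burst or one huge request
    barely shifts. Both factors are assumed starting points to tune per site.
    """
    records = list(parse(lines))
    if not records:
        return {"busy_hours": [], "long_requests": []}
    per_hour = Counter(hour for hour, _ in records)
    typical_volume = median(per_hour.values())
    typical_length = median(length for _, length in records)
    busy = sorted(h for h, n in per_hour.items() if n > volume_factor * typical_volume)
    long_requests = [(h, n) for h, n in records if n > length_factor * typical_length]
    return {"busy_hours": busy, "long_requests": long_requests}

def sample_log():
    """Constructed sample: four quiet hours, one burst hour, one oversized request."""
    def entry(hour, minute, path):
        return (f'192.0.2.10 - - [28/Jul/2010:{hour:02d}:{minute:02d}:00 +0000] '
                f'"GET {path} HTTP/1.1" 200 512')
    lines = [entry(h, m, "/products?id=7") for h in (9, 10, 11, 12) for m in range(5)]
    lines += [entry(13, i, f"/products?id={i}") for i in range(40)]  # volume spike
    lines.append(entry(11, 30, "/products?id=" + "A" * 400))         # padded parameter
    return lines

if __name__ == "__main__":
    print(find_anomalies(sample_log()))
```

A flagged hour or request is a prompt for review rather than proof of a breach; legitimate traffic peaks and long search queries trip the same thresholds.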
Van der Wel had the following advice for organisations looking to secure their data from attack:
What you need is to implement a single central solution that acts as a firewall to all the management connections, thus securing privileged users. Implementing strong authentication once centrally and then doing single sign-on using personalised accounts is a very effective approach to fully securing all your sensitive devices from admin credential misuse... What you need is a 'Management Firewall'... Check out www.osirium.com or have a look at the Osirium overview clip on YouTube: http://www.youtube.com/watch?v=6uS65eAZt1A
Posted by: Kev Pearce 10 Aug 2010
The study highlights the importance of understanding who has access to what and ensuring least privilege access among internal users. Whether malicious or not, these users represent a doorway to key sensitive data that is being targeted by cybercriminal attackers. In most cases, the data that is compromised as a result of an insider breach is much more damaging to the organisation than whatever can be gleaned by external hacking attempts. Implementing Access Assurance policies and controls that limit exposure is the first step in a successful risk mitigation strategy.
Posted by: Todd Chambers, CMO of Courion 29 Jul 2010