28 Jul 2010
The 2010 Verizon Data Breach Investigations report, based partly on information provided by the US Secret Service, has found that data breaches in 2009 involved more insider threats, greater use of social engineering and the continued strong involvement of organised criminal groups.
Stolen credentials were the most common way of gaining unauthorised access to organisations last year, highlighting insufficient security practices for individuals and organisations. Organised criminal groups were responsible for 85 per cent of all stolen data last year, the report said.
It also stated that most breaches could have been avoided if basic security measures had been in place. Only four per cent of breaches required difficult and expensive protective measures.
Matthijs van der Wel, managing principal for the forensics team at Verizon, explained how an organisation can detect breaches.
"You find the breaches in the log files," said van der Wel. "Typically where there's a data breach, the number of log lines in the file increases significantly. Or the log lines themselves get much longer, [showing that] someone is attempting an SQL injection."
An SQL (sometimes pronounced "sequel") injection occurs when someone maliciously enters a database command into a web form, for example one that asks the database for a list of usernames and passwords. A poorly written web form will pass this input directly to the database, where it will be executed.
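The log-file heuristic van der Wel describes, sketched as an added example (not code from Verizon or the report): it flags minutes with unusually many log lines and requests that are unusually long. The sample log lines, the access-log field layout and the threshold factors are constructed assumptions.

```python
import re
from collections import Counter
from statistics import median

# Fields needed from an access-log line: timestamp (to the minute) and request.
LINE_RE = re.compile(
    r'\[(?P<minute>\d{2}/\w{3}/\d{4}:\d{2}:\d{2}):\d{2} [^\]]+\] "(?P<request>[^"]*)"'
)

def parse(log_text):
    """Return (minute, request) pairs for every line that matches LINE_RE."""
    return [(m["minute"], m["request"])
            for m in map(LINE_RE.search, log_text.splitlines()) if m]

def long_requests(entries, factor=2.0):
    """Requests longer than factor x the median request length (assumed threshold)."""
    baseline = median(len(req) for _, req in entries)
    return [req for _, req in entries if len(req) > factor * baseline]

def busy_minutes(entries, factor=3.0):
    """Minutes whose line count exceeds factor x the median per-minute count."""
    counts = Counter(minute for minute, _ in entries)
    baseline = median(counts.values())
    return sorted(minute for minute, n in counts.items() if n > factor * baseline)

def _line(hms, path):
    # Constructed sample line, not taken from the report.
    return f'10.0.0.5 - - [28/Jul/2010:{hms} +0000] "GET {path} HTTP/1.1" 200 512'

# Three quiet minutes, then one minute with a burst and one over-long request.
SAMPLE_LOG = "\n".join(
    [_line(f"10:0{m}:{s:02d}", f"/products?id={s}") for m in range(3) for s in (5, 40)]
    + [_line(f"10:03:{s:02d}", f"/products?id={s}") for s in range(10, 20)]
    + [_line("10:03:30", "/products?id=1%20UNION%20SELECT%20username,"
                         "password%20FROM%20users")]
)

if __name__ == "__main__":
    entries = parse(SAMPLE_LOG)
    print("busy minutes:", busy_minutes(entries))
    for req in long_requests(entries):
        print("long request:", req)
```

Using the median as the baseline keeps a single burst or a single long request from inflating the threshold it is compared against.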
Van der Wel had the following advice for organisations looking to secure their data from attack:
What you need is to implement a single central solution that acts as a firewall to all the management connections, thus securing privileged users. Implementing strong authentication once centrally and then doing single sign-on using personalised accounts, is a very effective approach to fully securing all your sensitive devices from admin credential misuse... What you need is a 'Management Firewall'...... Check out www.osirium.com or have a look at the Osirium overview clip on YouTube: http://www.youtube.com/watch?v=6uS65eAZt1A
Posted by: Kev Pearce 10 Aug 2010
The study highlights the importance of understanding who has access to what and ensuring least privilege access among internal users. Whether malicious or not, these users represent a doorway to key sensitive data that is being targeted by cybercriminal attackers. In most cases, the data that is compromised as a result of an insider breach is much more damaging to the organisation than whatever can be gleaned by external hacking attempts. Implementing Access Assurance policies and controls that limit exposure is the first step in a successful risk mitigation strategy.
Posted by: Todd Chambers, CMO of Courion 29 Jul 2010