BreachExchange mailing list archives

Data Theft And Cybercrime: Four Ways To Protect Your Business


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Mon, 5 May 2014 18:26:18 -0600

http://www.forbes.com/sites/ibm/2014/05/05/data-theft-and-cybercrime-four-ways-to-protect-your-business/2/


Sixty-one percent of organizations say data theft and cybercrime are the
greatest threats to their reputation. And the costs of those breaches
continue to rise. According to the Poneman Institute’s 2014 U.S. Cost of
Data Breach study, the organizational cost of data breaches has increased
from $5.4 million to $5.9 million annually.

Years ago, businesses faced broad-based but generic attacks, such as the
catapults and ladders used against the castles of yesteryear. Perimeter
protection — like the walls of the castle — provided solid defense. If some
poor company got hit with a new buffer overflow exploit or Windows virus,
signature updates would quickly deliver protection to others around the
world. An adequate system while it lasted, but the world has changed
dramatically.

Motivated by big financial windfalls, the ability to disrupt commerce and
damage brands, rather than simple vandalism and fame, these attackers now
have more sophisticated modus operandi. They leverage the internet and
underground networks to rapidly morph and shield their techniques. They are
laser-focused, with small teams dedicated to theft from specific
organizations — even if it takes 12 to 24 months. Trusteer, an IBM company,
sees new custom malware crafted for specific financial institutions every
day, all over the globe.

A medieval reliance on watching from the rampart provides little comfort as
attackers have fast forwarded into the future where darkened commandos drop
from helicopters to within your castle walls. The standard practice of
delivering more products for each new threat just widens the wall, while
adding complexity.

Here are four essential truths when it comes to real threat protection:

1. Prevention of significant loss is mandatory, not perfect detection.

Cities do not have a protection strategy that relies on keeping all bad
elements out of the city. Instead, knowing bad actors exist, the police
look for indicators of suspicious actions so they can prevent bad results.

While it is interesting to form a genus of every possible bad thing you
have found in your network this week, has it made you safer? Will naming
all the ammunition flying at our customers actually prevent them from being
hit?

Rather than trying to protect every asset in your organization from every
potential threat, a risk-based approach that focuses disproportionately on
crown jewels is mandatory. Perimeter protections are important, but
insufficient in the new world.

Systems on the network, endpoints and databases that capture usage
patterns, behavior and anomalies are critical in the face of unique crafted
threats. For example, we have found that while there are tens of thousands
of crafted malware pieces that can infect an endpoint, there are only a
couple hundred techniques used to install and exfiltrate data. Those
techniques are the bad actions that lead to a bad result, and they can be
prevented.

Focus on these techniques around the crown jewels and at each stage of the
attack chain. Break the chain at any stage and loss is prevented — even
though there may have been some bad activity.

2. Security intelligence is the underpinning.

Security is made with data. Security intelligence is foundational to
solving the next generation of tough information security problems.
Security intelligence allows you to capture your business rules in
observed activity. Such intelligence, applied to crown jewels, is
transformational. A single unusual connection from a sensitive finance
server to an IT server it has never communicated with before is a bad
action and an easily detected indicator of compromise.

Sophisticated, agile, and solely focused on your firm and your
technologies, attackers have an information advantage over your security
team that struggles to juggle and manage remarkable complexity. Security
intelligence allows you to capture how your key assets are accessed and
used. Triggers and landmines are set for potential intruders at each stage
of an attack chain. External real-time updates mesh internal and external
intelligence. While the insidious malware looks to spread, it steps on a
collection of intelligence landmines, which is impossible for an external
attacker to discern. Security intelligence, based on a foundation of
extensive coverage and exceptional analytics, is key to shifting the
information advantage from the attacker to you.
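One way to turn the "never communicated with before" rule above into detection logic, as an added example that is not from the article or from Trusteer/IBM: a peer baseline is learned from historical connection records, and any watched (crown-jewel) host reaching a destination and port absent from that baseline raises an alert. The hostnames, log format and crown-jewel list are constructed assumptions.

```python
"""Added example (not from the article): flag a crown-jewel server
contacting a peer it has never talked to before, using a peer baseline
learned from historical connection logs. Log format is constructed."""
from collections import defaultdict

# Constructed sample records: "timestamp src_host dst_host dst_port"
BASELINE_LOG = """\
2014-04-01T09:00:00 fin-db-01 fin-app-01 1433
2014-04-01T09:05:00 fin-db-01 backup-01 443
2014-04-02T10:00:00 fin-db-01 fin-app-01 1433
2014-04-03T11:00:00 hr-app-01 hr-db-01 5432
"""

NEW_LOG = """\
2014-05-05T02:13:00 fin-db-01 fin-app-01 1433
2014-05-05T02:14:30 fin-db-01 it-admin-07 445
2014-05-05T02:15:00 hr-app-01 hr-db-01 5432
"""

# Hosts the article would call "crown jewels" (assumption for the example).
CROWN_JEWELS = {"fin-db-01"}

def parse_log(text):
    """Yield (timestamp, src, dst, port) tuples; skip blank/malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, src, dst, port = parts
        yield ts, src, dst, int(port)

def learn_peer_baseline(text):
    """Map each source host to the set of (dst, port) pairs it talked to."""
    baseline = defaultdict(set)
    for _, src, dst, port in parse_log(text):
        baseline[src].add((dst, port))
    return baseline

def find_new_peer_connections(baseline, text, watched=CROWN_JEWELS):
    """Return alerts for watched hosts reaching a peer absent from baseline."""
    alerts = []
    for ts, src, dst, port in parse_log(text):
        if src in watched and (dst, port) not in baseline.get(src, set()):
            alerts.append({"time": ts, "src": src, "dst": dst, "port": port})
    return alerts
```

Run `learn_peer_baseline(BASELINE_LOG)` on historical flows and then `find_new_peer_connections` on the new batch; only the fin-db-01 connection to it-admin-07:445 is reported, because hr-app-01 is not a watched host and the fin-app-01 connection is in the baseline.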

3. Integration and cooperation must break down silos.

Imagine 80 distinct products from 45 different vendors that one customer
has to manage. That is not an unusual story, and it is a problem the
fragmented security industry must address. We must deliver a roadmap to
customers that drives this complexity down over time.

Products that are not integrated — at least at the information-sharing
level — cannot deliver on their promise in a vacuum when attackers are deft
at weaving around gaps. If bad action is detected by an endpoint sensor,
this behavior should also be captured and prevented in the network.
Whenever anything suspicious is noticed, it must be shared globally within
an enterprise and outside.

4. Collective security must be open.

It is critical that we deliver platforms, cooperating solutions and
information sharing between components. But this must be based on a
commitment to openness. Customers live in a reality of legacy systems,
gradual migration and a need for flexibility.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 