BreachExchange mailing list archives
Data Theft And Cybercrime: Four Ways To Protect Your Business
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Mon, 5 May 2014 18:26:18 -0600
http://www.forbes.com/sites/ibm/2014/05/05/data-theft-and-cybercrime-four-ways-to-protect-your-business/2/

Sixty-one percent of organizations say data theft and cybercrime are the greatest threats to their reputation. And the costs of those breaches continue to rise. According to the Ponemon Institute’s 2014 U.S. Cost of Data Breach study, the organizational cost of data breaches has increased from $5.4 million to $5.9 million annually.

Years ago business faced broad-based, but generic attacks, such as the catapults and ladders used against the castles of yesteryear. Perimeter protection — like the walls of the castle — provided solid defense. If some poor company got hit with a new buffer overflow exploit or Windows virus, signature updates would quickly deliver protection to others around the world. An adequate system while it lasted, but the world has changed dramatically.

Motivated by big financial windfalls, the ability to disrupt commerce and damage brands, rather than simple vandalism and fame, these attackers now have more sophisticated modus operandi. They leverage the internet and underground networks to rapidly morph and shield their techniques. They are laser focused with small teams dedicated to theft from specific organizations — even if it takes 12 to 24 months. Trusteer, an IBM company, sees new custom malware crafted for specific financial institutions every day, all over the globe.

A medieval reliance on watching from the rampart provides little comfort as attackers have fast forwarded into the future where darkened commandos drop from helicopters to within your castle walls. The standard practice of delivering more products for each new threat just widens the wall, while adding complexity.

Here are four essential truths when it comes to real threat protection:

1. Prevention of significant loss is mandatory, not perfect detection.

Cities do not have a protection strategy that relies on keeping all bad elements out of the city. Instead, knowing bad actors exist, the police look for indicators of suspicious actions so they can prevent bad results. While it is interesting to form a genus of every possible bad thing you have found in your network this week, has it made you safer? Will naming all the ammunition flying at our customers actually prevent them from being hit?

Rather than trying to protect every asset in your organization from every potential threat, a risk-based approach that focuses disproportionately on crown jewels is mandatory. Perimeter protections are important, but insufficient in the new world. Systems on the network, endpoints and databases that capture usage patterns, behavior and anomalies are critical in the face of unique crafted threats.

For example, we have found that while there are tens of thousands of crafted malware pieces that can infect an endpoint, there are only a couple hundred techniques used to install and exfiltrate data, which are the bad actions that lead to a bad result and these actions can be prevented. Focus these techniques on crown jewels and at each stage of an attack chain. Break the chain at any stage and loss is prevented — even though there may have been some bad activity.

2. Security intelligence is the underpinning.

Security is made with data. Security intelligence is foundational to solving the next generation of tough information security problems. Security intelligence allows you to capture your business rules in observed activity. Such intelligence, applied to crown jewels, is transformational. An unusual single connection from a sensitive finance server to an IT server that it never communicated to before is a bad action and indicator of compromise easily detected.

Sophisticated, agile, and solely focused on your firm and your technologies, attackers have an information advantage over your security team that struggles to juggle and manage remarkable complexity. Security intelligence allows you to capture how your key assets are accessed and used. Triggers and landmines are set for potential intruders at each stage of an attack chain. External real-time updates mesh internal and external intelligence. While the insidious malware looks to spread, it steps on a collection of intelligence landmines, which is impossible for an external attacker to discern. Security intelligence, based on a foundation of extensive coverage and exceptional analytics, is key to shifting the information advantage from the attacker to you.

3. Integration and cooperation must break down silos.

Imagine 80 distinct products from 45 different vendors that one customer has to manage. Not an unusual story and a problem the fragmented security industry must address. We must deliver a roadmap to customers that drives this complexity down over time. Products that are not integrated — at least at the information-sharing level — cannot deliver on their promise in a vacuum when attackers are deft at weaving around gaps. If bad action is detected by an endpoint sensor, this behavior should also be captured and prevented in the network. Whenever anything suspicious is noticed, it must be shared globally within an enterprise and outside.

4. Collective security must be open.

It is critical that we deliver platforms, cooperating solutions and information sharing between components. But, this must be based on a commitment to openness. Customers live in a reality of legacy, gradual migration and need for flexibility.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail sales () riskbasedsecurity com

Supporters:
Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus on the right security. If you need security help or want to provide real risk reduction for your clients contact us!
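
The first-seen-connection indicator from point 2 of the article (a sensitive finance server contacting an IT server it has never communicated with before), as an added example that is not part of the original article or post. The host names, the CSV flow format and the crown-jewel inventory are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample flow records (not real data): timestamp, src, dst, dst_port.
BASELINE_FLOWS = """\
2014-04-01T09:00:00,fin-db01,fin-app01,1521
2014-04-01T09:05:00,fin-db01,backup01,873
2014-04-02T09:00:00,fin-db01,fin-app01,1521
2014-04-02T10:00:00,hr-web01,it-jump01,22
"""
TODAY_FLOWS = """\
2014-05-05T02:13:00,fin-db01,fin-app01,1521
2014-05-05T02:14:00,fin-db01,it-jump01,445
2014-05-05T02:14:30,fin-db01,it-jump01,445
2014-05-05T08:00:00,hr-web01,fileshare01,445
"""
# Hypothetical crown-jewel inventory; only these source hosts raise alerts.
CROWN_JEWELS = {"fin-db01"}

def parse_flows(text):
    """Yield (timestamp, src, dst, port) tuples, skipping malformed rows."""
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 4 or not row[3].isdigit():
            continue
        yield row[0], row[1].lower(), row[2].lower(), int(row[3])

def build_baseline(flows):
    """Map each source host to the set of (dst, port) peers seen before."""
    peers = defaultdict(set)
    for _, src, dst, port in flows:
        peers[src].add((dst, port))
    return peers

def first_seen_alerts(baseline, flows, crown_jewels):
    """Return one alert per never-before-seen peer of a crown-jewel host."""
    alerts, reported = [], set()
    for ts, src, dst, port in flows:
        key = (src, dst, port)
        if src not in crown_jewels or key in reported:
            continue
        if (dst, port) not in baseline.get(src, set()):
            reported.add(key)  # suppress repeats of the same new peer
            alerts.append({"time": ts, "src": src, "dst": dst, "port": port})
    return alerts

if __name__ == "__main__":
    baseline = build_baseline(parse_flows(BASELINE_FLOWS))
    for alert in first_seen_alerts(baseline, parse_flows(TODAY_FLOWS), CROWN_JEWELS):
        print(alert)
```

A crown-jewel host with no baseline entries alerts on every peer, so the baseline window has to cover normal business cycles before the rule is enabled.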