Professional Documents
Culture Documents
Getting back to basics means repeatedly taking a hard look at ones security
environment, crossing all the Ts and dotting all the Is. And then doing it
again. After all, if a basic level of security isnt maintained and a breach
occurs, the blame falls squarely on the shoulders of the security profes-
sional. Still, in the realm of security basics, hardening security configurations
across corporate IT assets may seem like reverting back to Security 101.
But when attackers troll for the least-defended environments, such security
measures are exactly what it takes to force attackers on to greener pas-
tures. Think about it its why a burglar looks for an open window or door
Custom Solutions Group before he breaks one.
2 WHITE PAPER | SCM: The Blocking and Tackling of IT Security
An Ounce of Prevention
Perhaps most disturbing, however, is
the simple fact that the vast majority of
breaches that occur could have been
prevented. Verizons report says that
92 percent of last years attacks were
not considered highly difficult, and
96 percent could have been avoided
through simple or intermediate control.
Attackers in the House Blander, CEO & Co-Owner of InfoSecu- Whats more, 50 percent of the breaches
Data breaches continue to rank as a rityLab, which builds worldwide infor- involved hacking and 49 percent
top threat to corporate environments, mation security and risk management involved malware (with some overlap
as more and more attackers success- programs for businesses. that involved both) and both of these
fully find their way into networks. vectors prey primarily on weakly config-
According to Verizons 2011 Data Breach And while the theft of customer or ured or loosely monitored systems.
Investigation Report, data loss through employee personal data and corpo-
cyber attacks decreased significantly in rate financial data is still concerning, While theres no such thing as an IT
2010, but the total number of breaches companies today are most worried that environment that is 100 percent secure,
was higher than ever. The number of their intellectual property (IP) could taking fundamental steps to assess and
compromised records involved in data be stolen as a result of unauthorized harden IT systems is the basic blocking
breaches dropped to 4 million in 2010, network access. IP is getting higher and and tackling of IT security that removes
down from 144 million in 2009. Yet higher on executives lists of worries. the root cause of the vast majority of
there were approximately 760 breaches Companies really care about competi- breaches. These steps include:
last year, the largest number since the tors finding out their project ideas and 4 Assess and inventory configura-
reports inception. having them show up somewhere else tions on all servers and devices, and
in the world with some other companys compare the results to some under-
This means that while attackers dont name on it, says Blander. stood, recognized security standard
always steal data, their ability to gain (like CIS, NIST, or ISO-27001)
unauthorized access continues to grow. In fact, in its June report entitled 4 Gain immediate, real-time insight into
Considering that many attacks today Perceptions About Network Security, any changes to the files, configura-
arent isolated incidents attackers the Ponemon Institute found that 80 tions items and states that define
often work to break down a networks percent of the 583 IT security practi- this security standard
security over time breaches that tioners in the U.S. who responded to
dont result in immediate data theft a survey said they had experienced at Blocking and tackling for security
may still be dangerous as they lay the least one data breach. Of those who professionals means going back to
groundwork for future harm. In 2010 were able to calculate the cost of secu- basics and eliminating the easy ins
outsiders were responsible for more rity breach including cash outlays, preyed on by attackers in the Verizon
data breaches than in the past, totaling internal labor, overhead, revenue report, like open ports and unused
92 percent, which Verizon attributes losses, and other related expenses services, the use of default or easily
to the significant increase in smaller 41 percent said the breach cost them guessed administrator passwords,
external attacks. $500,000 or more. or improperly configured firewalls.
Blocking and tackling for IT security
Right now, the threat of breaches Whats more, 53 percent of respondents teams also means keeping continuous
from external parties is the No. 1 issue to the Ponemon survey said they have watch on these systems, to detect the
my clients worry about, says Daniel little confidence that they would be able clues that indicate attacks in prog-
3 WHITE PAPER | SCM: The Blocking and Tackling of IT Security