Twitter
May
26
Statistically it has been shown that often many breaches to a business happen from the inside -- most notably becuase employees already have access to systems and enjoy a certain level of trust.
Reading a recent article by Ron Codon, UK Bureau Chief -- it becomes apparent that according to Matthjis van der Wel; who is head of forensics at Verizon Business; 80% of 600 breaches which happened over the last five years come from outside an organisation! This can be found in the following report published by Van der Wel in April.
The report goes on to emphasise that "organisations are making stupid (information security) mistakes as in failing to patch vulnerabilties, using default passwords and forgetting to close down user accounts when employees leave an organisation. The end result is data loss.
Quoted from the original article, some simple rules for reducing damage are the following:
- Do not use default passwords.
- Ensure that third-party suppliers (such as maintenance companies) do not use default passwords or shared credentials for all their clients.
- Do regular network scans to check what servers you have. If you don't know what you have, you can't protect it.
- Patch regularly, using an up-to-date network diagram to ensure all systems are covered.
- Ensure user accounts are closed when employees leave. "In the majority of the cases we've seen, a terminated employee was involved," says van der Wel. "Go through the user accounts list and check that all users are still employed within your organisation."
- Examine system file logs to establish what is normal behaviour on the system. Then you will be in a better position to recognise abnormal behaviour.
- Get IT staff to come up with different attack scenarios.
- Analyse IDS alerts, or outsource the process to a specialist service company. Do not just ignore the alerts like an annoying car alarm that keeps going off.
- Analyse IP addresses of outgoing connections.
Van der Wel's advice is to use your own staff to spot the systems' weaknesses. "Sit down with a couple of knowledgeable IT guys and come up with different attack scenarios. Ask how they would attack their own organisation. Imagine how that would show up in the log files. After that, go and look in the log files to see if anyone has done it. If you can think of it, so could others. We don't see many IT organisations spending their money doing things like that. They would rather spend the money on a new box." -- very well said!
Full article
Reading a recent article by Ron Codon, UK Bureau Chief -- it becomes apparent that according to Matthjis van der Wel; who is head of forensics at Verizon Business; 80% of 600 breaches which happened over the last five years come from outside an organisation! This can be found in the following report published by Van der Wel in April.
The report goes on to emphasise that "organisations are making stupid (information security) mistakes as in failing to patch vulnerabilties, using default passwords and forgetting to close down user accounts when employees leave an organisation. The end result is data loss.
Quoted from the original article, some simple rules for reducing damage are the following:
- Do not use default passwords.
- Ensure that third-party suppliers (such as maintenance companies) do not use default passwords or shared credentials for all their clients.
- Do regular network scans to check what servers you have. If you don't know what you have, you can't protect it.
- Patch regularly, using an up-to-date network diagram to ensure all systems are covered.
- Ensure user accounts are closed when employees leave. "In the majority of the cases we've seen, a terminated employee was involved," says van der Wel. "Go through the user accounts list and check that all users are still employed within your organisation."
- Examine system file logs to establish what is normal behaviour on the system. Then you will be in a better position to recognise abnormal behaviour.
- Get IT staff to come up with different attack scenarios.
- Analyse IDS alerts, or outsource the process to a specialist service company. Do not just ignore the alerts like an annoying car alarm that keeps going off.
- Analyse IP addresses of outgoing connections.
Van der Wel's advice is to use your own staff to spot the systems' weaknesses. "Sit down with a couple of knowledgeable IT guys and come up with different attack scenarios. Ask how they would attack their own organisation. Imagine how that would show up in the log files. After that, go and look in the log files to see if anyone has done it. If you can think of it, so could others. We don't see many IT organisations spending their money doing things like that. They would rather spend the money on a new box." -- very well said!
Full article
