Data security has become one of the biggest concerns for companies. Is your organisation doing enough to protect itself from breaches?
A new report by Verizon, which studied more than 47,000 security incidents and 621 breaches, found 75% were financially motivated, 71% targeted user devices and 54% compromised servers. It also found 75% were considered “opportunistic attacks” and two thirds of all attacks took months to discover, usually by a third party.
The 2013 Data Breach Investigations Report also found 14% of breaches were perpetrated by insiders, and 1% implicated business partners. With more than half (52%) of breaches also involving hacking, 76% resulting from weak or stolen credentials and 40% incorporating malware, organisations have to do more to step up data security internally.
“The bottom line is that unfortunately, no organisation is immune to a data breach in this day and age. We have the tools today to combat cybercrime, but it’s really all about selecting the right ones and using them in the right way,” Wade Baker, principal author of the report, said.
“In other words, understand your adversary – know their motives and methods, and prepare your defences accordingly and always keep your guard up.”
Here are eight ways highlighted in the report to help companies better protect themselves against data breaches:
1. Eliminate unnecessary data; keep tabs on what’s left.
2. Ensure essential controls are met. Regularly check that they remain so.
3. Collect, analyse and share incident data to create a rich data source that can drive security programme effectiveness.
4. Collect, analyse, and share tactical threat intelligence, especially Indicators of Compromise (IOCs), that can greatly aid defense and detection.
5. Without de-emphasising prevention, focus on better and faster detection through a blend of people, processes, and technology.
6. Regularly measure things like “number of compromised systems” and “mean time to detection” in networks. Use them to drive security practices.
7. Evaluate the threat landscape to prioritise a treatment strategy. Don’t buy into a “one-size fits all” approach to security.
8. If you’re a target of espionage, don’t underestimate the tenacity of your adversary. Nor should you underestimate the intelligence and tools at your disposal.