The dramatic rise in threats to corporate data, from both internal and external sources, is having a profound effect on the way enterprises secure their endpoints. At the same time, the number of new computing devices that need securing – such as PDAs and smartphones – has exploded. Small wonder, then, that calls for increased “visibility” into an increasingly complex IT environment are becoming louder than ever.
This article looks at the primary “threat agents” that enterprises face; it then describes the steps they need to take to assess their risk and deploy appropriate solutions.
Today there are three main causes of data breaches:
- Targeted attacks. According to the latest Symantec Internet Security Threat Report, more electronic records were breached in 2008 than in the four previous years combined. And the Ponemon Institute Cost of a Data Breach Study estimates the average cost of a data breach is $2.7 million. Targeted attacks by cyber-criminals are increasingly aimed at stealing information for the purposes of identity theft. Malicious code continues to grow at a record pace, and attackers are shifting away from the mass distribution of a few threats to the micro-distribution of millions of distinct threats.
- Malicious insiders. Earlier this year, Symantec and the Ponemon Institute released a survey showing that 59% of ex-employees admitted stealing confidential information. And the danger of employees intentionally stealing valuable information is likely to increase as companies shrink their workforces. In that same survey, 24% of respondents said they had access to their former employer’s computer network after they left the company. More than one-third of those said they had access for a week or more.
- Well-meaning insiders. Lost and stolen laptops, mobile devices, portable storage, and inefficient business processes all increase the risk of data loss. According to Symantec estimates, one out of every 50 network files is wrongly exposed, one out of every 400 emails contains confidential information, and four out of five companies have lost data on laptops. According to the Ponemon Institute Cost of a Data Breach Study, 88% of all data breaches in 2008 involved incidents resulting from negligence. Perhaps the most common type of data breach occurs when confidential data is stored, sent, or copied unencrypted by well-meaning insiders who are unaware of data security policies, and is then captured by hackers.
Unfortunately, most organizations become aware of a data breach only after the breach has occurred. Mitigating the risks of a breach before it happens requires an accurate assessment of these key risk factors:
- Where is your most confidential data stored or exposed? Where is it flowing?
- Are there broken business processes that put you at risk?
- Are there any kinds of malware active on your network?
- Which vulnerabilities on what crucial systems represent the biggest risks?
Historically, organizations have addressed their security risks by deploying multiple security point products that don’t communicate well with each other. That has made for an increasingly complex, heterogeneous IT environment, which over time is harder to secure and manage.
What’s more, IDC has estimated that mixed-vendor environments can cost four times as much as a single-vendor environment on an annual basis (“Containing Vendor Sprawl,” Andrew Hanson and Christian Christiansen, May 2009).
The paradox, then, is that despite significant investments in security products, many organizations remain at risk from data breaches and targeted attacks.
So are data breaches inevitable, simply the cost of doing business in an information age? Symantec doesn’t think so. Symantec offers security expertise, a global intelligence network, and real-world experience with customers, and together these can significantly reduce the risk of a data breach.
Specifically, organizations should select solutions based on an operational security model that is risk-based, content aware, responsive to threats in real time, and workflow-driven to automate data security processes as follows:
- Proactively protect information. In today’s connected world, it’s not enough to defend the perimeter. Now you must accurately identify and proactively protect your most sensitive information wherever it is stored, sent, or used. Only by enforcing unified data protection policies across servers, networks, and endpoints throughout the enterprise can you progressively reduce the risk of a data breach.
- Automate the review of entitlements to sensitive data. Improper credentials are the leading cause of targeted attacks that use malware to find and export data. By automating regular checks on passwords and other entitlement controls, organizations can reduce the risk of such a breach. In addition, failure to lock down the entitlements of terminated employees in a timely manner is a major contributor to breaches caused by malicious insiders. Automated entitlement reviews can stop such breaches before they happen.
- Identify threats by correlating real-time alerts with global security intelligence. To help identify and respond to the threat of a targeted attack, security information and event management systems can flag suspicious network activity for investigation. The value of such real-time alerts is much greater when the information they provide can be correlated with current research and analysis of the worldwide threat environment.
- Stop incursion by targeted attacks. The top three means of hacker incursion into a company’s network are default password violations, SQL injections, and targeted malware. To prevent incursions, it’s necessary to shut down each of these avenues into your organization’s information. Controls assessment automation, core systems protection, and messaging security solutions should be combined to stop targeted attacks.
- Prevent data exfiltration. In the event that a hacker incursion is successful, it’s still possible to prevent a data breach by using network software to detect and block the exfiltration of confidential data. Insider breaches can likewise be identified and stopped. Data loss prevention and security event management solutions can combine to prevent data breaches during the outbound transmission phase.
- Integrate prevention and response strategies into security operations. To prevent data breaches, it’s essential to integrate a breach prevention and response plan into the day-to-day operations of the security team. Using technology to monitor and protect information, the security team should be able to continuously improve the plan and progressively reduce risk based on a constantly expanding knowledge of threats and vulnerabilities.
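The entitlement review described above (checking that terminated employees no longer hold access, and flagging accounts that stayed enabled or were used after the termination date) can be automated by reconciling the HR roster against an export from the access-control systems. The following is an added example, not Symantec's code or any product's API; the roster, the account export and the review date are constructed sample data, and the seven-day threshold mirrors the “a week or more” figure quoted from the survey.

```python
from datetime import date

# Constructed sample HR roster: employee id -> termination date (None means still employed).
HR_ROSTER = {
    "e100": None,
    "e101": date(2009, 3, 2),
    "e102": date(2009, 5, 20),
    "e103": date(2009, 6, 8),
}

# Constructed sample export from the access-control systems: one row per account per system.
ACCOUNT_EXPORT = [
    {"account": "jsmith", "employee": "e100", "system": "crm", "enabled": True, "last_login": date(2009, 6, 10)},
    {"account": "adoe", "employee": "e101", "system": "crm", "enabled": True, "last_login": date(2009, 3, 15)},
    {"account": "adoe", "employee": "e101", "system": "vpn", "enabled": False, "last_login": date(2009, 3, 1)},
    {"account": "bkim", "employee": "e102", "system": "fileshare", "enabled": True, "last_login": date(2009, 5, 22)},
    {"account": "svc_backup", "employee": None, "system": "fileshare", "enabled": True, "last_login": date(2009, 6, 9)},
    {"account": "clee", "employee": "e103", "system": "vpn", "enabled": True, "last_login": None},
]

# Constructed date on which the review is run.
REVIEW_DATE = date(2009, 6, 12)


def review_entitlements(roster, accounts, today, max_days_after_termination=7):
    """Reconcile the access export against the HR roster and return a list of findings.

    Three conditions are flagged:
      - enabled_after_termination: the account is still enabled after its owner's termination date
      - login_after_termination:   a login was recorded after the termination date
      - orphan_account:            the account is not tied to any employee in the roster
    """
    findings = []
    for row in accounts:
        emp = row["employee"]
        if emp is None or emp not in roster:
            # No owner on record: nobody's departure will ever trigger its removal.
            findings.append({"account": row["account"], "system": row["system"],
                             "issue": "orphan_account", "days_since_termination": None,
                             "severity": "medium"})
            continue
        terminated_on = roster[emp]
        if terminated_on is None:
            continue  # current employee: out of scope for a termination review
        days = (today - terminated_on).days
        if row["enabled"]:
            # Access that outlives the grace period is the survey's "a week or more" case.
            findings.append({"account": row["account"], "system": row["system"],
                             "issue": "enabled_after_termination", "days_since_termination": days,
                             "severity": "high" if days > max_days_after_termination else "medium"})
        if row["last_login"] is not None and row["last_login"] > terminated_on:
            # The entitlement was not just left open, it was actually used.
            findings.append({"account": row["account"], "system": row["system"],
                             "issue": "login_after_termination", "days_since_termination": days,
                             "severity": "high"})
    return sorted(findings, key=lambda f: (f["system"], f["account"], f["issue"]))


def summarize(findings):
    """Count findings per issue type, for the review's headline numbers."""
    counts = {}
    for f in findings:
        counts[f["issue"]] = counts.get(f["issue"], 0) + 1
    return counts


if __name__ == "__main__":
    results = review_entitlements(HR_ROSTER, ACCOUNT_EXPORT, REVIEW_DATE)
    for f in results:
        print(f)
    print(summarize(results))
```

Run on a schedule, the findings feed a ticket or a disable action per account; the distinction between an entitlement that is merely still enabled and one that has actually been used after termination is what separates a cleanup task from an incident.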
Today’s heterogeneous IT environments aren’t just more susceptible to attack, they’re also more expensive to secure and manage. As a result, many organizations are at risk from data breaches and targeted attacks. Preventing data breaches requires multiple solutions that work together to solve the problem.
The first step in creating an effective prevention and response plan is to accurately identify the types of confidential data your organization needs to protect and use that information to measure your risk of exposure. For many organizations, the process begins with a risk assessment. The Symantec Data Loss Risk Assessment helps organizations quickly identify their confidential information and accurately identify and quantify their risk of a data breach.
To learn more about preventing data loss, download the interactive Symantec demo, “Anatomy of a Breach