One Breach Is One Too Many

Security Risk Assessment

In a world where information is everywhere, it has become harder for organizations to defend against targeted attacks and the insider threat to information. This online IT risk assessment has been created to help you understand how secure your organization is against today's evolving threats. Your results will be displayed in a dashboard, identifying key areas within your security posture that could be putting your business at risk. Most importantly, this assessment will also outline next steps to help you better protect your information, protect your infrastructure, define and enforce IT policies and more easily manage your systems.

Information is everywhere. So are the opportunities for a data breach.

It only takes one. The consequences of just one data breach can range from brand damage, customer attrition and regulatory penalties to intellectual property theft and system vulnerability on a massive scale. To prevent against data breaches you need a thorough information security risk assessment – and the best protection from a trusted security advisor. That’s why 100 percent of the FORTUNE 500 rely on Symantec for their security solutions and services. Because one breach is one too many. When considering your IT risk assessment – and whether you need additional support – ask yourself these questions:
  • Can you respond to threats proactively?
  • Do you know where your sensitive information resides?
  • Can you enforce IT policies and remediate deficiencies?
  • Can you easily manage the lifecycle of your IT assets?
Symantec Solutions can help you answer these questions and protect against a data breach. With Symantec you can protect your information, your infrastructure, define and enforce IT policies and more easily manage your systems.

Learn more about Symantec’s market leading Security Solutions and Services.

Solutions

Symantec is an industry-leader in security solutions. Technology, expertise, and history enable us to deliver comprehensive protection against the latest breed of data breaches, threats, and attacks to your servers, endpoints, and critical information.
Data Loss Prevention
Identify and protect confidential information to prevent data breaches, stop data leakage, demonstrate compliance and reduce the risk of external attacks and the insider threat.

Endpoint Security
Improve threat monitoring and reduce the administrative burden of protecting endpoints against known and unknown threats.

Endpoint Management
Reduce IT costs and complexities while improving efficiencies with comprehensive, integrated client and server management.

IT Compliance
Automate compliance processes using a risk-based approach to protect information, address threats quickly, and reduce costs and risks.

Messaging Security
Protection against external threats over inbound and outbound email, instant messages (IM) and SharePoint collaboration with integrated antispam, antivirus, and advanced content filtering.

Security Management
Optimize security processes to identify vulnerabilities and protect against attacks.

Web Security
Secure and manage Web traffic by filtering Web malware threats, blocking URLs with inappropriate content, and preventing confidential data loss over Web protocols.

Products

Data Loss Prevention
Symantec Data Loss Prevention delivers a unified solution to discover, monitor, and protect confidential data wherever it is stored or used.

Control Compliance Suite
Symantec Control Compliance Suite (CCS) 9.0 is a group of integrated products that helps you dramatically reduce the cost of managing compliance through process automation.
Trialware

Protection Suite Enterprise Edition
Symantec Protection Suite Enterprise Edition creates a protected endpoint, messaging, and web environment that is secure against today’s complex malware, data loss and spam threats, and is quickly recoverable in the event of failure.
Trialware

Total Management Suite
Total Management Suite provides the most complete, easy-to-use IT lifecycle management platform that helps improve quality of service while reducing the cost of owning and managing IT assets.
Trialware

Anatomy of a Data Breach

Many security teams focus solely on stopping targeted attacks, but keeping the bad guys out is only one part of the strategy. Here we outline the three sources of a data breach – well-meaning insiders, malicious insiders, and targeted attacks – and the four phases of a targeted attack.
What can you do to stop a data breach before it happens? Find the answers in our white paper: Why Breaches Happen and What to Do About It.
Watch our video to learn more about the Anatomy of a Data Breach.
Well-Meaning Insiders
Well-meaning insiders include company employees who inadvertently violate data security policies. An analysis of breaches caused by well-meaning insiders yields five main types:
  • Data exposed on servers and desktops
  • Lost or stolen laptops
  • Data sent via email, Web mail, or saved to removable devices
  • Third-party data loss incidents
  • Business processes that automate the spread of sensitive data
What can you do to prevent well-meaning employees from causing a data breach? Learn more by downloading 6 Steps to Prevent a Data Breach.
Malicious Insiders
Malicious insiders are a small yet growing segment source of data breaches. Why do these employees matter? Malicious insiders cost companies more. The Ponemon study found that data breaches involving negligence cost $199 per record, whereas those caused by malicious acts cost $225 per record.1 Data Breaches caused by malicious insiders fall into four groups:
  • White collar crime
  • Terminated employees
  • Career building with company data
  • Industrial espionage
Learn more about malicious insiders, well-meaning insiders and targeted attacks by reading the whitepaper. Why Breaches Happen and What to Do About It.
Targeted Attacks
Driven by the rise in organized cybercrime and the growing black market value of information such as bank accounts, credit card numbers, and personally identifiable information, targeted attacks are increasingly aimed at stealing confidential information from employees and corporations. In fact, more than 90 percent of records breached in 2008 involved groups identified by law enforcement as organized crime.2
There are four phases of a targeted attack: incursion, discovery, capture, and exfiltration.

Phase 1: Incursion. Hackers break into a company's network by exploiting system vulnerabilities, using default password violation, SQL injection, or targeted malware attacks.

Phase 2: Discovery. The hacker maps out the organization's systems and automatically scans for confidential data.

Phase 3: Capture. Exposed data stored by well-meaning insiders on unprotected systems is immediately accessed, and the value of that information is assessed.

Phase 4: Exfiltration. Confidential data is sent back to the hacker team either in the clear, wrapped in encrypted packets, or zipped with password protection.


A targeted attack on confidential data can be defeated at any one of these four phases. What can you do today to prevent a data breach in your organization? Learn more by downloading 6 Steps to Prevent a Data Breach.

1 Ponemon Institute, 2008 Annual Study: Cost of a Data Breach, February 2009
2 Verizon Business Risk Team, 2009 Data Breach Investigations Report