Don’t want to make headlines with a security breach?

  • From the largest bank to the tiniest startup, no company is immune to a breach.

  • While there are nuances to each breach, there are lessons to be learned.

  • It is in every organization’s best interest to do a security assessment.

These have been a very interesting few months. Data breaches have been in the news almost daily. From the largest bank and movie studio to the smallest retail establishments and online startups, it seems that nobody is immune. While there are obvious nuances to each of these breaches, and the motivations might be unique to each case, there are similarities and lessons to be learned.

Unfortunately, since breached entities rarely come forth with all the details, the rest of us can only draw conclusions based on the information disclosed by media outlets. Here’s a rundown of the information disclosed in published press releases, along with some suggestions that your organization can use to help avoid a breach of your own.

1. Compartmentalized use of accounts.

Use privileged accounts only in the trusted areas of the network. This gives attackers less opportunity to exploit externally accessible systems to gain access to privileged credentials.

2. Monitoring resource usage and observing anomalies in usage.

Monitoring the traffic across the organization should be the top priority. This can be accomplished using both tools and human resources so anomalous traffic can be identified easily.

3. Using encryption for data that really matters.

Encrypt data from the earliest point at which it enters the organization’s environment right through to the point at which it is stored. This helps protect data and raises the bar for attackers trying to gain unauthorized access to sensitive data.

4. Using security as the core design rather than “compliance.” 

Compliance requirements often do not keep up with the security landscape. Applying core principles of security can help achieve not only true security of data but also compliance, meeting two important objectives at once.

5. Alerting mechanisms based on anomaly detection as opposed to signatures.

Most signature-based systems, such as antivirus and IDS/IPS, rely on an attack matching pre-existing “malicious patterns.” While anomaly-based alerting is easier said than done, most attackers tend to use custom-written malware, which is therefore never caught by existing antivirus or signature-based detection schemes. Using third parties that specialize in analyzing behavior across organizations also helps: because they tend to have larger sets of data to work with, anomalous patterns can be spotted easily.

It is in every business’s best interest to learn from the lessons of others and perform an assessment of its own. AT&T Security Consulting can help organizations perform such assessments. AT&T Managed Security Services, in particular Security Event and Threat Analysis services, can also help organizations achieve many of these objectives.

Have you observed some things that could have been done differently by the breached organizations?


The Networking Exchange Blog Team