2014 Mega breaches: 5 key takeaways

This is the first in a series of blog posts concerning IT security and trends for 2015.

A new study by the Ponemon Institute outlines how the mega security breaches of 2014 are changing attitudes towards IT security.

The breaches affected the personal records and credit card information of more than 350 million people. The financial toll is estimated to be billions of dollars in cleanup expenses, fraud response costs, lost market valuation, reputation damage, lawsuits, and related expenses. IT managers face mega challenges as they try to protect data containing credit card information, financial transactions, and other personal information.

In this January 2015 study, 735 IT security practitioners were surveyed about the impact of the mega breaches on their budgets and compliance practices. Here are five key takeaways from the results.

1. More resources are allocated to preventing, detecting, and resolving data breaches.
61% of respondents say their security budget increased, by an average of 34%. 65% of respondents say the increased budget enabled investment in security technology to prevent and/or detect breaches.

The top five technology investments are:

  1. Security Information & Event Management (SIEM) (50%).
  2. Endpoint security (48%).
  3. Intrusion detection and prevention (44%).
  4. Encryption and tokenization (38%).*
  5. Web application firewalls (37%).
[Figure: Ponemon Institute graph 1. Source: Ponemon Institute]

2. Senior management level of concern about cyber defense has risen dramatically to 7.8.
Before the Target breach, the level was 5.7 out of ten. In addition, 55% of respondents rate senior management’s concern as extremely high. Prior to the Target breach, only 13% of respondents believed senior management was extremely concerned. Overall concern among C-level executives was up by about 37%.

[Figure: Ponemon Institute graph 3. Source: Ponemon Institute]

[Figure: Ponemon Institute graph 2. Source: Ponemon Institute]

3. Senior management realizes the need for a stronger cyber defense posture.
The majority of respondents (72%) reported that after the breaches, their companies provided tools and personnel to contain and minimize breaches. 67% say their organization made sure IT had the budget necessary to defend against breaches.

4. Companies have changed their operations and compliance processes.
60% of respondents say they made changes to operations and compliance processes to improve their ability to prevent and detect breaches.

5. Many companies fail to prevent the breach with the technology they currently have.
65% of respondents say that attacks evaded existing preventive security controls. 46% say the breach was discovered by accident.

*If you are considering solutions that ensure PCI compliance, the Black Box EncrypTight™ system provides multi-site WAN encryption at speeds up to 10 Gbps and across Layers 2–4. It also eliminates the hassles of creating and managing numerous VPN tunnels.


Three common network mistakes

Some network mistakes turn up over and over again—these mistakes cost organizations money, time, and even loyal customers. What these mistakes all have in common is that they mainly reflect a lack of planning. A network that runs smoothly and delivers top performance with minimal downtime takes thought, organization, an awareness of current technology, and a plan.

Here we present three common pitfalls. If you pay attention, you don’t have to fall into them, too.

1. Non-standard construction
Because data centers are larger and more complex than ever, “seat-of-the-pants” construction doesn’t really work well anymore for any network much larger than a home network. “Guesstimating” can eventually lead to all kinds of problems ranging from overheating to inadequate power to lost data.

To standardize best-practice network construction, in 2005 the Telecommunications Industry Association (TIA) published the TIA-942 standard that set requirements for network architecture, system redundancy, security, file backup, hosting, and power management, as well as a number of other procedures. TIA-942 covers not just the network itself but also supplemental services. Over half the standard covers matters such as electrical systems, HVAC, fire detection and suppression, and building construction. The standard defines four tiers of data centers, with Tier 1 being a simple server room and Tier 4 being a mission-critical data center with high security and redundancy.

Continue reading

Proactive defense – learn and use the “secret” formulas

2012 was jam-packed with network breaches and 2013 will be no different. It’s important to learn and understand new attack methodologies and take a proactive approach to defuse these threats. In this blog post we’ll share a few simple formulas to reduce risk, comply with regulations, and harden your systems against cybercrime.

The first formula is based on U.S. military basic war tactics and is called the four Ds. They are:
1. Detect – awareness of a threat
2. Deter – preempting exploitation
3. Defend – fighting in real-time
4. Defeat – winning the battle!

The second formula is well known in network security circles and is called the “Risk Formula”:
R = T x V x A
(R)isk = (T)hreats x (V)ulnerabilities x (A)ssets

Continue reading

Three tips for managing network changes

Every business depends on its network to run efficiently at all times. No one can afford network outages or degradations due to poorly planned infrastructure changes. The following three steps help mitigate risks when managing network change, while also ensuring faster and more cost-effective implementations. If any one step is skipped or done incorrectly, costlier problems can potentially develop later.

The methodology
Discovery and baselining
Network professionals must first know what they’re dealing with. Discovery means asking: What kind of equipment exists? What is the traffic today? Who are the users? It should include hardware inventory, applications, router configurations, switch configurations, network cabling and protocol usage. Engineers should evaluate current network performance, including traffic patterns, bandwidth optimization, Internet connectivity, and network vulnerabilities.

Baselining means creating documentation of the current state so there is something to work from to plan changes and measure against to validate them.

Design assistance
The next step is designing the plan for making the changes using the documentation as a guide. What is the end goal and how will you get there? This is the stage at which the IT team makes decisions about reconnecting, the addressing scheme, server location changes, etc., then creates a design to facilitate those decisions.

[Image: Fluke Networks DTX-1800 Cable Analyzer]

Validation
The third step is validating the design after implementation. Are all the devices configured correctly? Did a user get moved? Did the switch get changed? Network professionals verify that changes were made, then document, report and baseline the network again for future reference.

There is a way to speed up the process without sacrificing precision. A network analyzer makes following the process outlined above easier, particularly if the device includes all of the following capabilities:

Continue reading

Five questions to ask before opening your network to BYOD

There’s a lot of excitement nowadays about the Bring Your Own Device (BYOD) trend, in which employees use their own smartphones, tablets, or laptop computers to access the corporate network via wireless. But before you set up those wireless access points, there are a number of questions to consider.

Who’s allowed into the network?
The first step to managing BYOD is to decide who gets on your network. Do you have an open BYOD policy that lets any device connect to your network through wireless? Do you let anyone in, but make him or her register? Do you authenticate users via password? Do you allow only known devices onto the network? Do you support all devices and operating systems?

How much access are BYOD devices allowed?
Do you allow employees’ personal devices full network access, or restrict them to Internet access only? If you allow full network access, is there a security policy in place to prevent company-confidential information from being loaded onto devices that may be lost or stolen?

How safe are BYOD devices and what are you going to do about them?
There’s more malware out there all the time, and it’s affecting more devices than ever. This is a problem not limited to laptop computers—the popular Android™ operating system for phones has a large amount of known malware. How will you screen connecting devices to make sure they have updated patches and don’t contain malware?

Continue reading