Defense in Breadth

Repelling hackers does not necessarily require major investments in advanced encryption, appliances, and applications. Companies can reap huge security benefits in many cases simply by implementing basic security procedures.

That’s according to the Verizon Business 2009 Data Breach Investigations Report. The report found that nearly nine out of ten of 2008’s record number of data breaches could have been avoided if companies had simply implemented basic security measures.

In about 17 percent of breaches, there were elements of the attack that were highly sophisticated. These cases also accounted for about 95 percent of the total number of breached records Verizon studied. But in such instances, the sophistication typically wasn’t applied until attackers had gained entry through uncomplicated ways, including taking advantage of unpatched applications and default passwords.

Many companies spend a million dollars or more on a security product and then spend large amounts of time and resources wrapping it with additional security measures, said Dr. Peter Tippett, vice president of research and intelligence for Verizon Business Security Solutions, speaking at the RSA conference.

But attackers usually avoid hardened areas, “just like they don’t try to decrypt encryption; they’ll try to attack elsewhere,” he says. Companies could significantly improve security by spending more time on areas that tend to get hacked, said Tippett.

Organizations should conduct regular, lightweight security scans on internal and outward-facing systems, applications, and servers. It is especially crucial to test the applications used in 70 to 80 percent of last year’s hacks, he said.

Sophisticated attacks tended to be carried out against companies with a lot of valuable data, such as banks. Companies should recognize if they might be that type of target, said Tippett.

He also noted that many attacks involve the same general systems and applications. Intruders typically breach a network, install malware, occasionally access the network again to harvest data, and usually conduct attacks from malicious or unknown Internet Protocol addresses. A relatively simple port scanning or net flow test can reveal oddities that could indicate a breach, according to Tippett.
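The kind of net flow check described above can be sketched as follows. This is an added example, not code from the Verizon report or from this article: it flags internal hosts that return to the same unknown external address on several days and send a large volume of data out. The address ranges, thresholds, record layout and flow records are all constructed assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumptions for illustration: internal address space and approved external peers.
INTERNAL = ip_network("10.0.0.0/8")
KNOWN_PEERS = [ip_network("203.0.113.0/28")]  # constructed "known partner" range

# Constructed sample flow records: day,src,dst,dst_port,bytes_out
FLOWS = """\
2009-04-01,10.1.4.20,203.0.113.5,443,18000
2009-04-01,10.1.4.20,198.51.100.77,8443,4200
2009-04-03,10.1.4.20,198.51.100.77,8443,9500000
2009-04-06,10.1.4.20,198.51.100.77,8443,12400000
2009-04-02,10.1.7.9,192.0.2.44,80,3100
2009-04-02,10.1.7.9,203.0.113.9,443,52000
"""

def parse(text):
    """Yield (day, src, dst, port, bytes_out) tuples from CSV flow lines."""
    for line in text.strip().splitlines():
        day, src, dst, port, nbytes = line.split(",")
        yield day, ip_address(src), ip_address(dst), int(port), int(nbytes)

def is_unknown_external(ip):
    """True for addresses outside the network that are not approved peers."""
    return ip not in INTERNAL and not any(ip in net for net in KNOWN_PEERS)

def find_oddities(text, min_days=2, min_bytes=1_000_000):
    """Return (src, dst, port, days_seen, bytes_out) rows worth reviewing."""
    days = defaultdict(set)    # (src, dst, port) -> distinct days seen
    total = defaultdict(int)   # (src, dst, port) -> bytes sent outbound
    for day, src, dst, port, nbytes in parse(text):
        if src in INTERNAL and is_unknown_external(dst):
            key = (str(src), str(dst), port)
            days[key].add(day)
            total[key] += nbytes
    rows = []
    for key, seen in days.items():
        # Repeat visits plus heavy outbound volume match the return-to-harvest pattern.
        if len(seen) >= min_days and total[key] >= min_bytes:
            rows.append(key + (len(seen), total[key]))
    return sorted(rows)

if __name__ == "__main__":
    for row in find_oddities(FLOWS):
        print("review: %s -> %s:%d on %d days, %d bytes out" % row)
```

The thresholds are starting points to tune against a baseline of normal traffic; a flagged row is a prompt for investigation, not proof of a breach.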

More assets were breached in 2008 by using default credentials than by any other method, according to the study. It is important to regularly change user logins, including ones that protect data held by third parties.