Security breaches are happening too often, and while hackers get smarter, enterprises are not doing enough to protect their data. In fact, NTT Group's 2014 Global Threat Intelligence Report revealed that 43 percent of incidents in 2013 were the result of malware.
The report claimed that missing basic controls, such as anti-virus and effective vulnerability life cycle management, contributed to such attacks. Half of the vulnerabilities detected during scans have had patches available for at least two years – yet businesses had not installed them – and anti-virus failed to detect more than half of new malware.
Malware is here to stay, so it is every IT department's responsibility to get the basics right if they are to protect their business from today's threats. Businesses could save significant sums if they put in place processes to reduce the risk of exposure. According to the report, prioritising controls and putting risk in context could have saved one company over $109,000.
Vulnerability scanning, where a security assessment is conducted to scan the customer's environment, is the most basic security measure. Too many organisations aren't using these highly automated tests. Intelligence into vulnerabilities is invaluable as it offers insight into how attackers could use information to gain access to data assets. These vulnerabilities still need to be balanced against the business risk and put in overall context so that valuable resources are focused on mitigating the real risks to the business.
IT departments should analyse and collect logs. We have found that logging and the use of SIEM is a tick-box exercise and no analysis or correlation of logs takes place. Regularly tracking logs gives enterprises greater access to threat intelligence, so they can predict future risks.
Another basic security control, which is ignored by most firms according to the GTIR, is incident response planning. Appropriate incident response is vital for minimising the impact of a breach. By having a well-defined and regularly updated plan, and recognising that security incidents will happen, organisations will be better prepared to handle incidents in an effective and consistent way.
Collaborate for better protection
Savvy enterprises are now working with a trusted provider to run basic measures. Outsourcing provides and augments the in-house skills of an organisation and enables that company to focus on building and developing its business. The outsourcer meanwhile provides risk intelligence to enable the board to understand, prioritise and manage risks and make informed decisions in a timely manner.
A trusted provider might be a Managed Security Services (MSS) partner, which can access intelligent information for active threat management. An MSS partner, which typically has access to collective global knowledge and systems, provides visibility and control to manage information security risk – and is therefore able to actively notify customers about possible threats and proactively mitigate them.
In a society with constant real-world threats, it is time for information security professionals to take responsibility for their own data. When the basic measures are done right, and with support from a trusted provider, they can be enough to put risk in context and even help avoid breaches.
- Garry Sidaway is Global Director of Security Strategy at NTT Com Security and is a respected security expert. With over 20 years' experience in the IT industry, Garry's focus is on meeting business needs through the development of managed security services, business infrastructure, consulting and technology integration worldwide.