Part 3 – Breaches
In this final part of our review of the Cisco 2017 Annual Cybersecurity Report, the focus is on breaches. Whilst it has already been highlighted that security professionals are reasonably confident in their tools, they were concerned about whether they were using them effectively or to their fullest extent. The fact that the number of breaches is growing despite the wider adoption of tools suggests that the concern is genuine and justified.
Most breaches are still human-related. Mis-typed or mis-directed emails account for a large proportion, but deliberate and malicious email use is on the rise, simply because it is so easy. Very few organisations have implemented true DLP or encryption strategies that combat this effectively. In our previous article, email and its impact were discussed, including the growth in volume, the exploits available and spam volumes. Email is still the biggest and most likely cause of a data breach, whether through the malware it introduces or through an action a person takes.
Web and app development, where the code is not fully tested, is another cause for concern. Cross-site scripting and SQL injection remain two of the easiest vulnerabilities to exploit, yet they still occur surprisingly frequently. The report also highlights ‘middleware’, software that links two systems together, as another threat vector that is often challenging to test but constantly being exploited. Because this software, the websites and the mobile apps are updated constantly with new features or functions, full end-to-end testing is often minimised, with only the new features being tested, leading to ever more vulnerabilities.
Third parties are used more and more as businesses outsource development and operations. It is when these arrangements are in place but not monitored or managed with enough rigour that further problems arise, especially where there are any kind of interdependencies.
In the first article, the number of uninvestigated security-related events was highlighted. Each one of these could lead to a data breach. More effort needs to be put in initially to fine-tuning the consoles of the tools used so that there are fewer false positives. Alternatively, use one of the emerging Managed Detection and Response services that are now available.
Finally, credential compromise needs to be reduced. Whether that be by introducing smart card authentication, biometrics, two-factor authentication, certificates or just longer passwords, something needs to be done. Monitoring the dark web and other nefarious sites for corporate credentials may allow an administrator to spot a problem and thwart an attack. Basic password hygiene and credential management should reduce the likelihood of credential loss, but having good, accurate and actionable intelligence is better.
The report’s conclusion is that businesses need to adopt an “integrated and simplified approach” to security and that all levels of the organisation need to be engaged. This approach should be reflected not just in its policies, procedures and tool-set but also in its attitude and tone of voice. Management needs to set that tone for it to be effective, and the sooner you start, the better.
Catch up or recap on parts 1 and 2 of this three-part series:
Part 1 – Tools & Technologies used by companies
Part 2 – eMail & Spam