It’s no secret that data breaches are an ugly reality for businesses today, however the biggest issue organizations face today is a lack of focus on building and maintaining a basic security foundation.

So, what should the foundation provide? The Verizon Data Breach Investigations Report (DBIR) offers a well-informed guide based on the analysis of thousands of information security incidents and data breaches.

Here are several key takeaways from the 2017 report:
  • Breaches involving unpatched vulnerabilities, malware, or stolen or weak passwords: 88%
  • Hacking-related breaches that involved stolen or weak passwords: 81%
  • Externally initiated attacks: 75%
  • Breaches that included malware: 51%
  • Malware installed via malicious email attachments: 66%
While the DBIR data doesn’t provide a “silver bullet” fix, it does show that breaches follow patterns, and as we all know, patterns are predictable. To be successful, ransomware has to gain access to a system, install a malware program or inject code into a process, and execute commands to encrypt data. This typically succeeds because of poor patching practices, unfiltered inbound internet traffic, email and attachments that aren’t scrutinized, and weak endpoint security. Stated simply, it works because organizations aren’t focused on mitigating known attack methods, due to a poor security foundation.

It’s worth noting attackers don’t care if a network is compliant, has good privacy policies or lots of shiny new technologies. While those are important elements of a good security program, effective security programs need to be focused on mitigating actual attack methods in order to support compliance and privacy related initiatives, not the other way around.

With that said, here are six essential elements of a basic security foundation you can work on today:

  1. You can’t protect what you don’t know: Continually assess internet-facing networks, servers, applications, accounts, supplier/partner connections, cloud portals etc.
  2. Bad guys can’t exploit that which is not accessible: Reduce attack surface by eliminating as many ingress points as possible.
  3. Vulnerabilities are way more than operating system deep: Assess software and OS vulnerabilities, patch critical issues in days, not weeks.
  4. Credentials are king: Enforce multi-factor authentication for privileged accounts: domain, server, application, database and cloud admins.
  5. Cloud portal admin and access keys are the new domain admin: Protect them and think twice before integrating authentication because your Active Directory security is probably not as solid as you think.
  6. Endpoint security should be strengthened: Consider advanced endpoint protection with integrated cloud intelligence/learning across clients and servers.

This list is only a small subset of possible mitigation techniques that should be present in a successful security program. However, these steps will provide a strong foundation of defenses against the most common attack methods and help to greatly reduce the risk from the more advanced threats your network faces on a daily basis.
