Government Technology

Industry Perspective: The Five Myths of Data Breaches




October 9, 2013 By Jody Brazil

It seems we hear about another breach every day. While we are in a constant search for a solution, unfortunately, there is no single, simple answer.

But this doesn’t mean we have to accept defeat. One of the first steps is to recognize that many promoted opinions about the cause of breaches and the failures of technology are actually myths. These myths obscure a path to increased security and better risk management. And debunking them is an important step towards improving the effectiveness of our security defenses.

Myth #1: Most threats and attacks are very sophisticated
With today’s APTs (Advanced Persistent Threats), zero-days and sophisticated exploits, it has become fashionable to throw up our hands, feeling helpless. It’s clear that trying to stop these attacks is difficult.

But according to Verizon’s 2013 Data Breach Investigations Report (DBIR), 99 percent of breaches involved techniques that were not considered highly difficult. Most data breaches are successful not because of some new, highly sophisticated form of attack. Rather, they are successful because the attackers found an easy, simple point of entry.

Myth #2: Network controls are useless since all attacks now are layer 7 application level attacks
While many attack attempts come in via port 80, the port used by Web traffic, that doesn’t mean existing network security technologies are ineffective. A firewall can be used to stop Web-based attacks. Blocking by IP address, whitelisting IPs, and other firewall configuration management techniques can block many application layer 7 attacks as well. Another method of stopping layer 7 attacks is to use a risk management tool to understand the path an attack would take to reach critical assets.

Myth #3: My technology is slow, old, and obsolete (or all of the above)
How many times have we heard “My computer did not function properly, or my technology was too slow, too old, and out of date?” If there is a next gen tool in a particular category, it is obviously better and makes the previous generation obsolete. We hear about an attack being successful and immediately think we need a new tool or a new technology to stop the new attack.

Typically the technology deployed could have protected you, but it was misconfigured. Misconfigurations can entail a firewall setting allowing traffic to or from a specific IP or via a port that should have been closed. Or there could be a misconfiguration on a server, such as file permissions set incorrectly.

Misconfigurations can also take the form of an endpoint setting that resulted in a patch or remediation not being applied. And something as simple as not having automatic updates turned on could result in a new patch not being applied.

Myth #4: It’s impossible to prevent breaches; I should just concentrate on response
There is a growing belief in the security industry that data breaches and security incidents are unstoppable. Instead of applying resources to breach prevention, the tendency is to put resources into incident discovery and breach response. The implication of redirecting significant resources away from prevention and toward response is that more breaches will occur, requiring more time and effort on detection and response.

Risk management dictates that we manage acceptable levels of risk. While this should not mean dedicating more resources to prevention than the risk is worth, it also does not mean full-scale surrender. There is obviously a balance that needs to be struck. If you take basic steps to harden your systems, you can greatly reduce your risk of a breach. Again, according to the latest Verizon DBIR, 75 percent of attacks were opportunistic, meaning they were carried out because they were easy and available.

Myth #5: If I keep my systems patched, I can prevent all breaches
Staying on top of all of the software patches released can be daunting. In most organizations, there is a quality assurance process where the patch is tested before implementation. But by the time a new patch is tested and made ready to implement systemwide, there is already another new patch available.

Scanning for vulnerabilities is not as easy as it used to be either. With so many mobile and remote devices in use, they are not always on the network when you run your vulnerability scan.

Remember, even if you stay on top of your vulnerability management and patching, the weakest link in your defense still sits behind the keyboard. A user who is socially engineered into giving up a password or installing malware could make your hard work for naught.

As mentioned, data breaches are by and large acts of opportunity. Understanding how they occur, and separating the truth from the myths, can make you much less likely to be the next victim of a data breach. Gaining insight into the state of your network and implementing basic controls and management can decrease the likelihood that your network will be breached. And using security management to manage firewall rules and network security policies, along with a risk management solution, is among the best precautions you can take to thwart would-be intruders.

Jody Brazil is the president and CTO of FireMon.

