Charles Leaver – Organizations Are Now At Extreme Risk Of Data Breaches So Policies To Prevent This Must Be Followed

By Ziften CEO Charles Leaver

For United States businesses the occurrence of a significant cyber attack and consequential data leakage is looking more like “when” instead of “if”, because of the new threats that are presenting themselves with fragmented endpoint strategies, cloud computing and data intensive applications. All too often companies are neglecting or inadequately addressing vulnerabilities that are understood to them, and with aging IT assets that are not correctly protected the cyber lawbreakers begin to take notice.

The variety of data breaches that are taking place is extremely disturbing. In a report from the Verizon Risk Team there were 855 substantial breaches which resulted in 174 million records being lost back in 2011. The stakes are extremely high for companies that deal with personally identifiable info (PII), due to the fact that if staff members are not informed on compliance and inadequate endpoint data protection procedures are in place then costly legal action is most likely to occur.

” The likelihood of a data breach or personal privacy issue taking place in any organization has ended up being a virtual certainty,” Jeffrey Vagle, legal expert writing for Mondaq mentioned. He recommended that record keepers have to reconsider their approach to network and device security, staff member data access controls and the administration of PII info. The increase in the use of cloud services can make the avoidance of data breaches more of a challenge, as these services enable the enormous exchange of information each time. It would just take one incident and millions of files could be lost.

Known Vulnerabilities Require Focus

A lot of IT departments fret continuously about zero day attacks that will cause a data breach and catch them off guard. As an example of this, Dirk Smith of Network World wrote about an Adobe Acrobat exploit that opened the door for hackers to perform sophisticated surveillance. A great deal of IT vulnerabilities can come when a software application is not patched up to date, and a great deal of zero day hazards can happen from weaknesses in legacy code which includes a bug in Windows which targeted features that were first presented Twenty Years earlier.

Security professional, Jim Kennedy wrote in a Continuity Central post “something that I have found is that many of the breaches and intrusions which succeeded did so by attacking known vulnerabilities that had actually been identified and had been around for several years: not from some advanced ‘zero-day’ attack which was unidentified and unknown until just the other day by the security community at large.” “And, much more troubling, social engineering continues to be a most successful method to begin and/precipitate an attack.”

Now the cyber criminal fraternity has access to an extensive series of pre packaged malware. These tools have the ability to perform network and computer system analytics that are complicated in nature and after that suggest the ideal attack technique. Another threat is a human one, where workers are not trained properly to evaluate out calls or messages from individuals who lie about belonging to the technical support group of an external security company.

It is certainly very important to proactively resist zero day attacks with robust endpoint protection software, however likewise organizations need to integrate reliable training and processes with the hardware and software solutions. While many organizations will have a number of security policies in place there is generally an issue with enforcing them. This can lead to dangerous fluctuations in the movement of data and network traffic that should be examined by security personnel being neglected and not being attended to.