Chuck Leaver – With An Increase In Significant Data Breaches Data Loss Prevention Policies Must Be Pursued

Written by Chuck Leaver, Ziften CEO

 

For US businesses, a major cyber attack and substantial data leak is looking more like a matter of "when" than "if", because of the new threats that come with fragmented endpoint approaches, cloud computing and data-intensive applications. All too often, companies overlook or improperly resolve vulnerabilities that are known to them, and when aging IT assets are not appropriately protected, cyber criminals start to take notice.

The number of data breaches that are occurring is disturbing. A report from the Verizon Risk Team counted 855 substantial breaches, which led to 174 million records being lost, back in 2011. The stakes are extremely high for businesses that handle personally identifiable information (PII), because if workers are not informed about compliance and endpoint data protection measures are insufficient, costly legal action is likely to follow.

“The probability of a data breach or privacy problem taking place in any business has become a virtual certainty,” stated Jeffrey Vagle, a legal expert posting for Mondaq. He advised that record keepers need to reassess their approach to network and device security, employee data access controls and the administration of PII. The rise in the use of cloud services can make the prevention of data breaches more of a challenge, as these services make it possible to exchange enormous amounts of information at a time. It would take just one incident for millions of files to be lost.

Known Vulnerabilities Need Focus

Many IT departments worry constantly about zero-day attacks that will trigger a data breach and catch them off guard. As an example of this, Dirk Smith of Network World posted about an Adobe Acrobat exploit that gave hackers access to perform sophisticated monitoring. Many IT vulnerabilities arise when software is not kept patched up to date, and many zero-day threats stem from weak points in legacy code, including a bug in Windows involving functions that were first introduced twenty years earlier.

Security expert Jim Kennedy wrote in a Continuity Central post: “something that I have actually discovered is that many of the breaches and intrusions which were successful did so by attacking recognized vulnerabilities that had actually been identified and had actually been around for many years: not from some sophisticated ‘zero-day’ attack which was unidentified and unknown till only yesterday by the security community at large.” “And, a lot more disturbing, social engineering continues to be a most successful way to begin and/or precipitate an attack.”

Cyber criminals now have access to a comprehensive range of pre-packaged malware. These tools can carry out complex network and computer system analysis and then suggest the ideal attack technique. Another risk is a human one: employees who are not properly trained to screen out calls or messages from people who falsely claim to be members of the technical support group of an external security provider.

It is extremely important to proactively resist zero-day attacks with robust endpoint protection software, but companies also have to combine reliable training and procedures with their software and hardware solutions. While most companies will have a number of security policies in place, there is generally a problem with enforcing them. As a result, dangerous fluctuations in the movement of data and network traffic, which security staff should be examining, can be neglected and go unaddressed.