Answer

Key takeaways from the 2013 Verizon DBIR: What can be learned for 2014

The 2013 Verizon DBIR once again hammered home the point that organizations aren't taking care of IT security basics. What are your reactions to the report? Can you provide some takeaways that organizations can implement before they are victimized by simple attacks in 2014?

It has been interesting to watch the overall trends in the Verizon Data Breach Investigations Report (DBIR) over the years. The insider threat was the one to watch until just a few years ago. The 2013 edition of the Verizon DBIR shows that 92% of breaches originated from external sources, which represents a dramatic shift in the source of threats. This trend is forcing information security departments to refocus their priorities on protecting the company from external attacks.

One key takeaway from this report is that it doesn't seem that we are "winning the war." Don't get me wrong – we are putting up a valiant defense. However, I'm curious whether the increase in external data breaches corresponds with the IT budget crunch that started with the 2009 recession. Many IT security and technical teams are spending too much time nowadays just putting out fires due to a lack of resources. No one has the necessary resources and staff to implement the time-tested security practices of regular patching, vulnerability assessments and log monitoring, as demonstrated in the report. Investment in tools that automate these critical tasks should be a top priority for short-staffed IT security groups.

Another key takeaway is that our traditional security technologies are largely ineffective against highly targeted attacks. Threat actors are frequently turning to social engineering to find ways into the company through employees' personal lives. My advice on this front is to build network security in a multilayered, compartmentalized design. Assume that the attacker is going to get through some of your defenses, and build in monitoring to know how far they have progressed. Also, educate users on security threats, and consider applying additional security measures for executives or those with access to critical assets. By taking these steps, a company may stand a chance of not being a statistic in the 2014 Verizon DBIR.

This was first published in January 2014
