Organizations Must Pursue Data Loss Prevention Strategies Because Data Breaches Are On The Rise

By Ziften CEO Chuck Leaver

For US businesses the incident of a major cyber attack and substantial data leak is looking more like “when” instead of “if”, because of the new risks that are presenting themselves with fragmented endpoint strategies, cloud computing and data extensive applications. All too frequently companies are ignoring or improperly dealing with vulnerabilities that are understood to them, and with aging IT assets that are not properly secured the cyber criminals begin to take notice.

The number of data breaches that are occurring is really disturbing. In a report from the Verizon Risk Team there were 855 substantial breaches which led to 174 million records being lost back in 2011. The stakes are really high for businesses that deal with personally identifiable info (PII), because if employees are not educated on compliance and inadequate endpoint data defense measures are in place then costly legal action is likely to happen.

” The likelihood of a data breach or privacy concern happening in any business has become a virtual certainty,” Jeffrey Vagle, legal expert writing for Mondaq specified. He recommended that record keepers have to reconsider their approach to network and device security, worker data access controls and the administration of PII details. The increase in the use of cloud services can make the prevention of data breaches more challenging, as these services make it possible for the massive exchange of information each time. It would only take one incident and countless files could be lost.

Understood Vulnerabilities Require Focus

A great deal of IT departments stress constantly about zero day attacks that will cause a data breach and catch them off guard. As an example of this, Dirk Smith of Network World wrote about an Adobe Acrobat exploit that provided access for hackers to carry out advanced surveillance. A lot of IT vulnerabilities can come when software is not patched up to date, and a lot of zero day dangers can take place from weak points in legacy code that includes a bug in Windows which targeted features that were first presented 20 years back.

Security expert, Jim Kennedy wrote in a Continuity Central post “one thing that I have found is that a lot of the breaches and invasions which were successful did so by attacking recognized vulnerabilities that had actually been identified and had actually been around for several years: not from some advanced ‘zero-day’ attack which was unidentified and unknown up until only yesterday by the security community at large.” “And, much more disturbing, social engineering continues to be a most effective method to start and/precipitate an attack.”

Now the cyber criminal fraternity has access to a comprehensive series of pre packaged malware. These tools have the ability to perform network and computer analytics that are complex in nature and after that suggest the ideal attack method. Another risk is a human one, where staff members are not trained correctly to evaluate out calls or messages from people who lie about being a member of the technical support team of an external security supplier.

It is certainly extremely important to proactively resist zero day attacks with robust endpoint protection software applications, but also companies need to integrate effective training and processes with the hardware and software solutions. While most companies will have a number of security policies in place there is normally an issue with enforcing them. This can lead to dangerous fluctuations in the movement of data and network traffic that should be examined by security personnel being ignored and not being dealt with.

 

Endpoints Are Becoming The Channel Of Choice For Widespread Malicious Cyber Attacks – Chuck Leaver

From The Desk Of Chuck Leaver CEO Ziften Technologies With the introduction of bring your own device (BYOD) methods and cloud computing the securing of particular endpoints has become more difficult, as administrators could be making ease of data access a priority over security. The risks are there however, since most of the present generation […] Continue reading →

Without The Right Defenses There Is No Immunity From Cyber Attacks But Two Thirds Of Organizations Think They Are OK – Chuck Leaver

By Chuck Leaver Ziften Technologies CEO   A large number of companies have the belief that there is no requirement for them to pursue assiduous data loss avoidance, they regard cyber attacks as either very unlikely to happen or have minimal financial effect if they do happen. There is an increase in the recorded cases […] Continue reading →

Chuck Leaver – No More Dark Ages Cyber Security Says RSA President In Keynote Address

Written By Dr Al Hartmann And Presented By Chuck Leaver CEO Ziften Technologies   A 5 Point Plan For A New Security Strategy Proposed By Amit Yoran Amit Yoran’s, RSA President provided an outstanding keynote speech at the RSA Conference which reinforced the Ziften philosophy. Ziften is intently focused on continuous endpoint monitoring, silo-busting Ziften […] Continue reading →