By Chandan Sharma, global managing director of Verizon Business' Financial Services practice
Successful attacks happen to a lot of companies. You only have to read the Verizon 2011 Data Breach Investigations Report (DBIR) to see just how common it has become. Somewhat worryingly so.
Among the many nuggets contained within the report is the finding that although data loss through cyber attacks decreased sharply in 2010, the total number of breaches was higher than ever, demonstrating that businesses and consumers must remain vigilant in implementing and maintaining security practices.
Yet, year-after-year, we consistently see that most attacks are not sophisticated and simple or intermediate security measures could have gone a long way towards mitigating the threat. In most cases evidence of the breach is often right before our very eyes. Indeed, in most of the DBIR cases analyzed by Verizon, evidence of the breach was readily found in log files.
But well thought out prevention is only half the story. If the worst does happen, as recent events have proven it can, your business needs to have a robust event strategy already in place. The strategy needs to address business continuity as well as forensic capabilities that allow you to find out what happened and then address any vulnerabilities to help prevent a similar event from happening again.
Even though it is a complex, time-consuming process, forensics is not the sole preserve of CSI teams: it should be part and parcel of your security capability. Trying to identify valuable data elements on systems suspected of being compromised on a device or virtual environment can be like finding the proverbial needle in a haystack. Hackers, by definition, are adept at covering their tracks and it can take considerable time, as we’ve seen, to identify what information is lost from a successful attack and then take the appropriate steps.
Yet it’s not an unfair question to ask as to what resources you should be devoting to such a practice? Is it actually worth the time, effort and indeed personnel costs to prepare for an event that may not happen for a considerable time, if actually at all, within the foreseeable future?
This is when it is best to reach out to third party experts whose full time job it is provide strong security solutions, leaving you to concentrate on your own business. Prevention is the best medicine, versus having to swallow the difficult pill of having to reassure customers after a breach has already occurred.
The saying may go, fool me once shame on you, fool me twice shame on me. In IT security your business may not be able to withstand a second security incident. We won’t be fooled again is not just a theme for the forensic team of CSI, it should be a business mantra.
Do you Think Forward?