In our last post, we looked at the costs associated with a large-scale data breach, taking the recent attack on Home Depot as a case in point.
We left off with a question: what can we learn from a breach like this?
Because you know, Home Depot is not going to be the last.
Home Depot is unlikely to be the last big retailer to suffer a breach of its cash register systems. Hackers have for some time been scanning merchants’ networks for ways to gain remote access...Once they find that opening, they install so-called malware that is undetectable by antivirus products" (source).
The U.S. Department of Homeland Security and the Secret Service estimated there have been over a thousand U.S. businesses unwittingly infected with POS malware. These breaches "have rattled shoppers' confidence at a time when privacy concerns are high," which in turn has "increased pressure on retailers to increase security so that customers can feel safe that their personal data is secure when they're out shopping" (source).
The security problem
It's easy to tell companies to increase security. Doing so is much harder. How can a large enterprise ensure that every possible inroad is blocked off, especially at a time when IT innovation - for better and for worse - is moving at light speed?
They can't. And for large enterprises, the challenge is even harder. According to Prof. Bill Chu of UNC Charlotte College of Computing and Infomatics, "The chain of possible breaches is so long, their surface is so big, that if there is a pin hole somewhere, somebody can get through."
The focus: detection and response
We've said that the scale of the Home Depot breach had to do with how long it took to detect it. Now for a tough question: would your company do any better?
A joint study...found that a majority of computer security experts in the United States believed that their organizations lacked the technology and tools to quickly detect database attacks" (source).
But an answer does exist. Every year, the Verizon RISK team publishes a Data Breach Investigation Report detailing the previous year's cyber crime stats. Consider this insight from their 2012 report, as relevant now as ever:
In 8% of breaches affecting large organizations, it was basic log-review and analysis that topped the internal active discovery list...this is one of the methods that we tout yearly, and believe to be more effective than nearly all other methods. How do we know this? Well, when we conduct an investigation, that's how we find the breach - reading the logs."
In short? You've got to keep records. And you've got to monitor them. Here's Verizon again, in their 2014 report:
"Unlike iocane powder, many of the vectors and persistence methods used by crimeware can be easily detected by watching key indicators on systems. This goes to the general theme of improving detection and response rather than solely focusing on prevention."
Here's the moral. While you may not be able to cut off every possible point of entry, you can implement effective auditing tools. Doing so can speed your detection time considerably - protecting you and your customers from the lion's share of the fallout.
It's time to implement a comprehensive audit trail. Learn how we approach the security challenge with Netop Remote Control here.