• | 621 confirmed data breaches studied in detail |
• | 19 contributors, including government agencies, private security organizations and consulting companies |
• | 44 million records compromised |
• | The largest and most comprehensive data breach study performed each year |
• | 75% of attacks were opportunistic - not targeted at a specific individual or company - with the majority of those financially motivated |
• | 37% of breaches affected financial institutions |
In the most recent blog entry of this series we covered some key observations from the report. In this blog we'll look at what those observations mean to HP NonStop server users, and draw some final conclusions. Note that the full report is available here: http://www.verizonenterprise.com/DBIR/2013/
Key observations from the last blog, with their relevance for NonStop users:
Most Attacks Still Use Basic Techniques
The vast majority of attacks exploited weak or stolen credentials, and were considered "low" or "very low" in difficulty (on the VERIS scale which Verizon uses to categorize breaches).
NonStop relevance: Protect "the basics" - implement strong user authentication; implement (and enforce) password management processes; enforce a policy of minimum required access; ensure no shared accounts (especially SUPER) and keep track of all privileged user activity with keystroke logging. These relatively simple steps will ensure that the types of attacks that Verizon observed in over 70% of cases will fail.
14% of breaches were insider attacks
The majority of insiders committing sabotage were former employees using old accounts or backdoors not disabled, and the vast majority of IP theft cases committed by internal people took place within 30 days of announcing their resignation.
NonStop relevance: Ensure your NonStop user provisioning is integrated with your Enterprise Identity Management system, if you have one - that way as users are decommissioned at the enterprise level, they're also decommissioned on the NonStop. Integrate your NonStop with a Security Incident Event Management (SIEM) solution. That way any suspicious activity can be viewed at an enterprise level, and may be clearer as a result. The "basic" protections above also apply here.
Data at rest is most at risk
66% of breaches involved data at rest in databases and file servers (the rest was data being processed when it was accessed)
NonStop relevance: Protect your data at rest, with encryption or tokenization. Note that Volume Level Encryption (VLE) doesn't really provide the requisite level of protection, as once a user is signed on to the NonStop, their access is based on standard Guardian/Safeguard rules - the "encryption" becomes transparent to them. VLE is really best used to protect entire disks from theft.
Types of attack vary depending on industry and region
37% of breaches affected financial institutions, banks are often subjected to ATM skimming
NonStop relevance: As many NonStop users are banks or other financial institutions, the findings in this report are particularly relevant. The recommendations should be carefully studied and applied where it makes sense in customers' environments.
Spotting a breach isn't always easy, or quick
66% of breaches in the report took months, or even years, to discover. 69% of breaches were spotted by an external party, with 9% being spotted by customers!
NonStop relevance: This is where using a SIEM gives some real benefits. By aggregating all security events across the enterprise and presenting them in a normalized fashion, it can be a lot easier to notice anomalies. It's critical for NonStop users to gather and forward all NonStop-based security events and forward them to the enterprise SIEM, if one is present, to ensure that any clues from the NonStop regarding a possible breach are included in the analysis.
As you can see, and as we've mentioned in earlier blogs, looking after the security fundamentals is probably the best "bang for your buck" in terms of securing your critical, NonStop-based applications and their data. To further underscore this, the PCI DSS v3.0 standard has just been published, and it includes an increased focus on the basics, as hinted at in earlier PCI announcements.
XYPRO has been developing products, and providing solutions, to assist our customers to meet their many and varied security requirements for over 30 years. We have solutions to address all the points summarized in this blog, and more - if you'd like more information on anything you've read here, or anything else that comes from the Verizon DBIR, please contact your sales representative https://www.xypro.com/xypro/contact, or email me at andrew.price@xypro.com.