Identity Management Best Practices: Start with the Basics

By Scott Kortright


Another year, another Verizon Data Breach Investigations Report (DBIR), another depressing look into the state of global cybersecurity preparedness.

And once again, the annual report acts as a necessary reminder that, despite an ever-increasing prioritization of cybersecurity programs, there’s still significant room for improvement.

The big takeaway from this year’s report is this: Out of the nearly 2,000 breaches analyzed in Verizon’s report, 88 percent were undertaken using a familiar list of nine attack vectors. Eighty-one percent of hacking-related breaches leveraged stolen or weak passwords (more on that later).

In the face of numbers like that, securing your organization may seem impossible. Hackers are using the same techniques, year after year, and yet many organizations still can’t stop them. But the truth is that the hackers aren’t winning because organizations can’t keep up; they’re winning because most organizations have yet to master the security basics necessary to keep their networks and data secure. In fact, as Bryan Sartin, executive director of Verizon’s Global Security Services, says, “There is no such thing as an impenetrable system, but doing the basics well makes a real difference.”

“Often, even a basic defense will deter cybercriminals, who will move on to an easier target,” Sartin explains.

Security Basics: Locking Doors and Windows

Think of your network like a house and your sensitive data like valuables. To protect your home and your belongings, you lock your doors and windows, and you might keep valuables in a lockbox or a safe. Some people go the extra step and install cameras and an alarm system to keep intruders out, but for most, the basics are enough to deter would-be thieves.

Taking basic security measures is like locking your front door and your windows—it won’t stop a determined thief, but it’s enough to ward off most.

That means using two- or multi-factor authentication, keeping software patched and up to date, encrypting sensitive data, automating user lifecycle management, securing privileged accounts, and having a plan of action to follow if you are targeted.

Despite what movies tell us, cybercrime is rarely a targeted, thought-out process. Just like real-world criminals, most hackers are financially motivated (73 percent, according to Verizon) and are looking for the easiest way to make a quick buck.

But while doing the basics will thwart the majority of attacks and lower your risk level, your security journey shouldn’t stop there. First focus on where you are likeliest to be attacked and then build from there.

The Human Element

One of the key takeaways from Verizon’s report is that most attacks are easily preventable, and most of them come down to simple human error. For example, 66 percent of malware used in attacks was installed via email attachments downloaded when users fell for phishing schemes.

Hackers take a spray-and-pray approach to finding soft targets, spamming thousands of fake messages to targets, looking for the one employee who will click on a malicious link—and one in 14 does, according to the Verizon report.

However, fighting these kinds of simple tricks isn’t hard: It all comes down to organizational preparedness.

Teach your users

Source: Business 2 Community
