Ah, springtime. Flowers are blooming. Baseball is in full swing. And -- most importantly -- the major security vendors release their summary reports :)
Last month, Trustwave released its 2013 Global Security Report. Some of its key findings:
- The retail industry made up the highest percentage of their investigations at 45%
- Mobile malware has increased 400%
- The average time from initial breach to detection was 210 days, more than 35 days longer than 2011. Most victim organizations (64%) took over 90 days to detect the intrusion.
- "Password1" is still the most common password used by global businesses.
The Verizon report is also short of good news for us:
- 75% or breaches were untargeted and opportunistic.
- 78% of attacks used tactics which were rated as lowor very low on the VERIS difficulty scale
- 75% of attacks were driven by financial motives
- 19% of attacks were perpetrated by state affiliated actors for the purposes of espionage.
While both reports are worth a read (and if you can attend either company's roadshow briefing it's worth it) as security professionals hopefully these reports will cause us to stop for just a moment and reflect on the state of our infrastructures -- particularly as pertains to basic blocking and tackling. Of late we have been pulled (in large part by the security industry (versus the profession)) down the path of "If we can only suck in more data" and "if we can only better sort through the data we're sucking in" then we can better protect ourselves against that uber-hacker that is trying to infiltrate our systems. While there is some truth to this approach, it tends to mask the fact that basic blocking and tackling will still resolve much of what we're seeing out there. I truly wonder what the breach reports would look like if we:
- Enforced heightened password complexity
- Patched vigorously and rapidly (to include addressing aggregate risk via patching low-level vulnerabilities with regularity)
- Cleaned up roles and access to systems, ensuring a least privilege model; and
- Managed(and monitored) super user accounts and privileges aggressively throughout the environment.
If the reports are to be believed, we'd drive out at least two thirds of the breaches and issues that make up these findings -- leaving us ample time to hunt for the needle in the needlestack :)
Both reports are worth your time...not only as information for your SETA programs but also as a reminder to the enterprise of the importance of making the basics work. You can find copies of both reports just about anywhere these days, but I've uploaded them onto my file sharing site here. Enjoy!
Update: the Trustwave report, being graphics-heavy, was too big for my file share site :) You can find it at the following URL:
ReplyDeletehttp://www2.trustwave.com/rs/trustwave/images/2013-Global-Security-Report.pdf