Security systems by themselves are not the solution
Paul Black, APAC Regional Managing Principal, Investigative Response, Verizon speaks on latest threats, how to develop effective approaches to counter cyber risks with Jasmine Desai.
Which was the most common security weakness discovered at organizations where a data breach occurred?
Black: We continue to see the same types of attacks that are happening just like last year. Most of the time, the evidence is there in the log files, which are not checked at all by the organization. After a breach the first thing we do is to check the log files. This definitely will be the most common security weakness across organizations.
There has not been marked cases of attacks in virtualized environment. Virtual environment is quite similar to the real environment. In many cases, virtualized environment is more secured than the physical environment.
How can data security be a company wide effort or rather what is stopping organizations from making it a company wide effort?
Black: A company can spend big on technology, but there needs to be underlying processes aligning with it. The right skill-set also needs to accompany it to monitor and manage it, otherwise there is limited value to it. Systems are great, but there is not proper monitoring happening which is a big issue as of now. It is not necessary that complex systems is opening up a space for more threats. Security systems by themselves are not the solution, it needs people and processes to go with it. They have to work together.
What type of data is being stolen increasingly. Is it changing over time?
Black: There is continuation from last year of financial data being stolen a lot. For example, credit card data. Organized crime is very high and it is being conducted more from East European countries.
There is lot of hacktivism happening. It will be targeted more towards large organizations in future like financial institutions and government agencies. In US, there are laws that if an organization is breached and data has been compromised upon, then the organization has 24 hours to notify its customers. These laws are yet to develop maturely, which will help organizations to know what steps are they to take after a breach.
What measures would you recommend for small organizations?
Black: Small organizations can take simple measures like changing passwords regularly. Also, they should be encouraged to use complex passwords. Lot of organizations keep data that they do not necessarily need to keep because of regulations etc. For issues that crop up due to BYOD, there are dual persona systems, there are also sand-boxing options. There should be regular security patching i.e. keeping systems updated and patched. Organizations need to have proper password policies and proper security controls for devices that employees bring in. Also, it is necessary to understand where organization’s data resides.