NEWS ANALYSIS: The Verizon study finds that the best way to prevent data breaches is not expensive or new, but rather simple. The fact that businesses don’t adhere to good security practices is more frightening than the breaches themselves.
Breach Investigations Report" includes some sobering findings that show just
how pervasive social and political hacking has become. So-called
hacktivism was responsible for 58 percent of all data stolen in 2011.
Nearly 80 percent of attacks were opportunistic, and most significant of all,
96 percent were avoidable.
primary motive for external data breaches was financial gaincompanies were
hacked to get at credit card or other personal data that could then be used to
steal money, secrets or other valuable resources, according to the report.
thats not whats really scary.
deep within the Verizon report (scroll down to page 61 if youve followed the
link above) youll find a section on recommendations, and there youll find a
simple pie chart showing that the fixes for 63 percent of all organizations are
simple and cheap. Most of the rest are a little harder, but they are still
within the capabilities of even the smallest companies.
the preventive measures are things that security experts have been saying for
more than a decade, starting from the days of the first viruses and the first
efforts at social engineering to distribute malware.
simplest solution of allbuy a firewall.
small businesses around the world simply havent been paying attention and
still havent gotten even the most basic message about security. That message
is simple: A firewall makes it harder for a hacker or automated malware to
break into your computer, and if its hard to do, then the vast majority of
opportunistic hackers will move on to the low-hanging fruit of unprotected
secondchanging the defaultsis even cheaper because it costs nothing, and the
people who sell firewalls have tried to automate the process for you when you
set them up.
means dont use the default service set identifier (SSID) on your wireless router
(seeing a router named Linksys tells a hacker that you havent changed anything
including the password), turn on WiFi Protected Access (WPA) encryption, and
change the password. If you follow the instructions on that one-page getting
started poster that comes with wireless routers, the built-in wizard will lead
you through all this.
small businesses, the third step should be a no-brainer, but apparently its
Wayne Rash is a Senior Analyst for eWEEK Labs and runs the magazine's Washington Bureau. Prior to joining eWEEK as a Senior Writer on wireless technology, he was a Senior Contributing Editor and previously a Senior Analyst in the InfoWorld Test Center. He was also a reviewer for Federal Computer Week and Information Security Magazine. Previously, he ran the reviews and events departments at CMP's InternetWeek.
He is a retired naval officer, a former principal at American Management Systems and a long-time columnist for Byte Magazine. He is a regular contributor to Plane & Pilot Magazine and The Washington Post.