Chris Harget, senior product marketing manager, ActivIdentity, part of HID Global
November 01, 2011
Opinion

Reducing network breaches

Reducing network breaches
Reducing network breaches

Depending on which sources you read, in the first six months of 2011, the top six network breaches alone enabled cyber thieves to steal between 178 million and 218 million user accounts, email addresses, token seed files or “records.” When these hackers go undetected for extended periods, they can damage an organization's competitive edge, their operations, brand image and, eventually, impact the business operation.

The question then becomes: Why does this happen and what can be done about it? Were these targeted organizations incredibly unlucky, complacent or targeted for some reason? Yes, not especially, and probably. What can organizations do to reduce their risk? 

Consistent communication to all employees about the risk of social engineering and spear phishing is the first step. Unsolicited calls, emails or visits asking for personal details about IT employees are particularly suspicious, and the caller's identity should be independently verified before proceeding. Employees should not fill out online forms sent via unsolicited email links, no matter how legitimate they appear. 

Next, in the event that a PC account has been breached, minimize the number of accounts that have password reset privileges to reduce account escalation odds. 

If your enterprise handles customer credit card information, fully comply with PCI standards, and be sure to use strong two-factor authentication for anyone who has access to payment card databases. This will prevent account sharing, provide greater security redundancy, and result in a better audit log. It will also inhibit account escalation.

If your business is securing a corporate network, be aware that perimeter defenses have been made permeable by Wi-Fi, thumb drives, email attachments, smartphones and laptops, so one needs multilayered strong authentication into Windows login, servers, VPN and cloud applications. Smartcards from a credential management system appliance are the fastest, easiest way to deploy multilayered strong authentication. 

From the November 2011 Issue of SCMagazine »
Related Articles
Related Topics
close

Next Article in Features

More in Features

Behind the scenes: Privacy and data-mining

Behind the scenes: Privacy and data-mining

With data-mining firms harvesting personal information from online activity, privacy advocates, if not yet consumers, are alarmed, reports James Hale.

The great divide: Reforming the CFAA

The great divide: Reforming the CFAA

Aaron Swartz's death inspired Rep. Zoe Lofgren to want to reform the federal anti-hacking law, but some security pros worry this would sterilize a potent enforcement weapon, reports Dan Kaplan.

Suspect everything: Advanced threats in the network

Suspect everything: Advanced threats in the network

Are there ways to catch sophisticated malware that hides in trusted processes and services? Deb Radcliff finds out.