May 17, 2010, 12:53 PM — A look back at recent data breaches including the Hydraq attacks exposes an alarming trend that only a handful of security experts anticipated. As predicted by some as early as 2005, Internet attackers are no longer driven by fame but by fortune and are using increasingly sophisticated techniques. These attacks are not just hunting for confidential information such as credit card or Social Security numbers; they can actually target specific employees at multinational companies and government agencies who the attackers know have access to design documents, source code and other forms of intellectual property and classified information.
As discussed in part one of this two-part Information Security Blueprint series, threats are likely to become even more complex and effective over time, so organizations should work to reduce their vulnerability by implementing a security blueprint that is comprehensive, proactive, enforceable and manageable. Among the most important components is a strategy that addresses the four most common security weaknesses today's cyber attackers target: poorly enforced IT policies, poorly protected information, poorly managed systems and poorly protected infrastructure.
Enforcing IT Policies
Data breaches may be caused either by cybercriminals outside the company or by malicious or well-meaning insiders operating within the company. Virtually all data breaches, however, involve missing, broken, or unenforced IT policies. Whether cybercriminals and malicious insiders exploit them or well-meaning insiders follow them, inappropriate IT policies are a common factor in data breaches. By prioritizing risks and defining policies that span every location, customers can enforce policies through built-in automation and workflow, and can not only identify threats but also remediate incidents as they occur or anticipate them before they happen.
Cybercriminals rely on two factors as they consider target organizations from which to extract information. The first is that, from an information security perspective, most companies are hard on the outside but soft on the inside. Malicious attackers look for companies that do not have appropriate IT policies, either developed or enforced, governing who should have access to what infrastructure or what information. That means that once the criminals are inside the safety of the corporate network, they have free rein across that network to figure out what valuable data exists and where it is located.