
92% of security incidents we analyzed are covered by just nine attack patterns.

POS Intrusions, Cyber-espionage, Web App Attacks, Insider Misuse, Crimeware, Miscellaneous Errors, Card Skimmers, Physical Theft/Loss, DoS Attack

Regarding Web attacks, Verizon's Enterprise unit recommended the following controls:

  • Don't use single-factor password authentication on anything that faces the Internet;
  • Set up automatic patches for any content management system such as Drupal and WordPress;
  • Fix vulnerabilities right away before the bad guys find them;
  • Enforce lockout policies;
  • Monitor outbound connections.

Insider misuse remains a huge problem and much of security still revolves around trusting an individual — often an employee. Healthcare, public sector, and mining are the industries with the most lost and stolen laptops. Thefts are often exposed in these industries due to mandatory reporting requirements. Verizon's advice for preventing stolen gear was conventional for the most part — encrypt devices, back them up and lock them down — but did say it may make sense to buy "unappealing tech." Verizon said:


Canadian firms seeing fewer data breaches – why that could actually be bad - Candice So @candice_so

In 2014, the number of reported security incidents dropped by 22% among large businesses in Canada, compared to 2013.

That might sound great, but Canadian businesses also saw a 15% drop in their security incident detection rate – and that might mean they’re not being vigilant enough.

What this year’s report found was that there were 42.8 million attacks reported around the world in 2014 – a 48% jump compared to 2013.

While most of the world has reported more attacks, rather than fewer, Canada seems to be an anomaly.

However, a drop in the number of reported security incidents might actually be a bad sign for both large and medium-sized organizations alike, with mid-size organizations reporting a decrease in security incidents of 21%, compared to the number of incidents in 2013.

One year on, Snowden affair shows power of big data analytics By Steve Jones

A year ago today, June 5 2013, The Guardian, a UK newspaper, published the first of its exclusives based on documents leaked by US whistleblower Edward Snowden.

Leaving aside the incendiary debate over whether Mr Snowden is a traitor and enemy of the state or a brave citizen who liberated millions of people from illegal surveillance activities, there is no argument over just how significant his activities were in the context of data security. That the phrase “post-Snowden” has passed into common parlance among security professionals is evidence enough.

It is a safe bet that if the ultra-secretive NSA can be compromised in this way, so too can the vast majority of organisations. So how can business leaders ensure their organisation is protected against a Snowden crisis? A potential solution lies in big data and behavioural analytics.

What is so significant about Mr Snowden is that as an IT systems administrator employed by the US National Security Agency (NSA), he was entitled to access classified information as part of his job. His decision to download highly sensitive information and leak it to the world’s media is, in data security terms at least, largely irrelevant.

The fact is, he could do it. His role and his credentials meant that he could fatally compromise the NSA – circumventing all its sophisticated security systems, software and policies – with a few thumb drives.

One of the most important advantages of big data analytics, as its name suggests, is volume. It allows an organisation to capture petabytes of information from multiple data sources, and use it to identify trends and patterns.

Indeed, combine a big enough volume of data sources – HR records, job description, web browsing habits, IT system use – and it is possible to gain unprecedented insight into how employees in your organisation operate.

Use a data lake – a data storage facility that future-proofs company data by standardising them – and the potential insights multiply further.

When it comes to security, one of the most potent uses of big data is behavioural analytics.

This involves first establishing what constitutes “normal” employee behaviour by analysing a host of variables over a period of time to identify how the majority of staff members complete tasks across the organisation. Then, a data scientist runs an analysis on that information designed to reveal profiles that do not correspond to those typical behavioural patterns.

Since no large organisation has the bandwidth, money or resources to monitor the behaviour of every employee, this approach is a cost-effective way of countering the threat of a rogue employee.

A large financial services customer provides a compelling example. The company knew that four of its employees had committed a fraud, and challenged a team of data scientists to figure out their identity using big data analytics.

By crunching HR and transactional information for the company’s entire employee base, the team first identified the behavioural attributes that characterised a “normal” member of staff. It then searched for user profiles that displayed anomalous behaviour, and correctly identified not just the four perpetrators, but also two further suspects.

The whole process took two weeks, and subsequent fraudulent activity could be detected in just 24 hours. Imagine how much cash leakage and corporate embarrassment a company could avoid if spotting, investigating and weeding out fraudulent activity took a couple of weeks, rather than a year?

Consider these theoretical examples: data show that over a period of 12 months, the majority of company accountants send out invoices either daily, or before quarter end. However, one individual does it every other Thursday after 7pm. This is not necessarily fraudulent behaviour, but it could be. Either way, it is easy for a manager to investigate.

Equally, what about the employee who regularly downloads a bundle of documents late on Thursday night? Are they just working from home every Friday, or joining a competitor in six months and stealing your road map? Behavioural analytics using big data sets provides insight that is easily actioned and sustainably and cost-effectively incorporated into business processes.
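The baseline-then-outlier approach described above, applied to the invoice-timing scenario, as an added example that is not from the article or from any product it refers to. The event data, the `acct0`–`acct5` names, the day/late binning and the thresholds are all assumptions made for illustration.

```python
import math
from collections import Counter
from statistics import median

N_BINS = 14  # 7 weekdays x {"day", "late"}; binning is an assumption

def bucket(weekday, hour):
    """Coarse behaviour bin: weekday 0-6 (Mon=0) and office hours vs. late."""
    return (weekday, "day" if 8 <= hour < 19 else "late")

def profiles(events):
    """events: iterable of (user, weekday, hour) -> {user: Counter of bins}."""
    prof = {}
    for user, weekday, hour in events:
        prof.setdefault(user, Counter())[bucket(weekday, hour)] += 1
    return prof

def surprisal_scores(prof):
    """Mean bits of surprise per event, measured against everyone else."""
    scores = {}
    for user, own in prof.items():
        peers = Counter()
        for other, counts in prof.items():
            if other != user:          # leave-one-out: a user must not
                peers.update(counts)   # normalise their own behaviour
        total = sum(peers.values())
        # Laplace smoothing keeps never-seen bins at a finite surprise
        bits = sum(n * -math.log2((peers[b] + 1) / (total + N_BINS))
                   for b, n in own.items())
        scores[user] = bits / sum(own.values())
    return scores

def flag_outliers(scores, threshold=3.5, mad_floor=0.05):
    """One-sided modified z-score (median/MAD), robust to the outlier itself.
    mad_floor stops near-identical peers from making noise look significant."""
    med = median(scores.values())
    mad = max(median(abs(s - med) for s in scores.values()), mad_floor)
    return sorted(u for u, s in scores.items()
                  if 0.6745 * (s - med) / mad > threshold)

# Constructed sample: 8 weeks of invoice-send events for six accountants.
EVENTS = []
for week in range(8):
    for i in range(5):                           # acct0..acct4: every weekday
        for wd in range(5):
            late_friday = wd == 4 and week < i   # occasional late Friday
            EVENTS.append((f"acct{i}", wd, 19 if late_friday else 10))
    if week % 2 == 0:                            # acct5: every other Thursday, 20:00
        EVENTS.append(("acct5", 3, 20))

if __name__ == "__main__":
    print("review:", flag_outliers(surprisal_scores(profiles(EVENTS))))
```

The occasional late Friday sent by `acct1`–`acct4` stays inside the peer baseline, so only the every-other-Thursday pattern is surfaced for a manager to look at.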

Returning to Mr Snowden, it is easy to see how behavioural analytics could have helped the NSA discover that a rogue IT administrator was regularly accessing and downloading classified files.

Even more forensically, the analysis would probably have demonstrated that Mr Snowden’s pattern of task completion was different from that of his colleagues. It is highly likely the combinations of files he opened and switched between were unorthodox when compared with trillions of other examples.

It might have taken six weeks or longer, but the likelihood is that a proactive, robustly monitored big data-based behavioural analytics strategy would have picked up Mr Snowden and stopped him from leaking the most sensational story of the decade.

If Edward Snowden has taught us anything, it is that we cannot rely on traditional security software to keep our data 100 per cent safe. We must develop strategies that are capable of stopping even the most cunning data thief.

We must take Mr Snowden as our yardstick and measure our organisation’s security based on the havoc he could wreak as one of our employees.

Behavioural analytics is not magic, or rocket science. It just requires a robust, up-to-date IT infrastructure and a set of algorithms carefully and deliberately applied. It is clear these precautions should be high on any business leader’s list of priorities.

Key words, Tags: Predictive Security; Trust by data

-------------------------------------------

Steve Jones is Capgemini’s director of strategy for big data and analytics
