We live in the age of the data breach. It seems every newspaper and newscast reports yet another breach every day. The media outlets themselves have even become the targets of these attacks and data breaches.
However, many of the perceived causes of breaches and failures of technology are actually myths. These myths obscure a clear path to increased security and better risk management. Debunking these myths is an important step to improve the effectiveness of our security defenses against future breach attempts.
With today's advanced persistent threats, zero-day exploits and increasingly sophisticated targeted attacks, many think the attacks are too hard to stop. While there is no doubt that trying to stop these kinds of attacks is very difficult, the fact is that according to the 2013 Verizon Data Breach Report, a staggering 99% of all breaches were not highly difficult. According to the report, 97% could have been stopped with simple or intermediate controls.
While many of today's breaches do involve zero-day or other attack techniques, they almost always contain some rudimentary, garden-variety attack vector that could and should be thwarted.
Myth: My technology is too slow, old or obsolete
This may be the single biggest myth in IT, let alone security. How many times have we heard "my computer did not function properly"? Other flavors of this myth include "my technology was too slow, too old, and out of date."
In security specifically, we live in a "next-gen" world. If there is a next-gen tool in a particular category, it is immediately considered better and makes the previous generation obsolete. Or so the myth goes. We hear about an attack being successful and immediately think we need a new tool or a new technology to prevent it from happening again.
We don't think too much about why our present technology did not prevent or stop this new attack. Was it really a case of the technology being incapable of thwarting the attack? More often than not, an examination of the facts will show that the technology deployed could have successfully protected you had it not been misconfigured. Misconfigurations are much more likely to be the reason for a data breach than obsolete technology.
Misconfigurations could involve a firewall setting that allows traffic to or from a specific IP address, or through a port that should have been closed. Misconfigured network settings are a major source of data breaches. Access permissions are another area to examine: who has permission to access which files and assets on the network? There could also be a misconfiguration on a server, such as incorrectly set file permissions.