By Omar Khawaja, managing principal, global security, Verizon Enterprise Solutions
According to the Verizon 2013 Data Breach Investigations Report, 52 percent of attacks involved hacking – intruders took advantage of a weakness (vulnerability) in the targeted system.
One way to reduce the likelihood of being breached is to proactively identify your vulnerabilities. Vulnerabilities can exist in an application, network, mobile device or virtual machine, and even in a process or person: basically anything that stores, processes, or transmits data. The best place to start is a vulnerability scan across all applications and networks.
For more critical systems, deeper and more comprehensive assessments such as pen tests, code review, secure app development training or even a review of your SDLC should be completed. Tools are available to manage these types of activities. For example, Verizon offers the Security Management Program (SMP). It consists of a series of ongoing assessment activities (interviews, vulnerability scans, policy reviews, etc.) to measure the efficacy of an organization’s security program; the results are displayed in an online dashboard that provides a detailed risk scorecard and mapping to various security regulations (HIPAA, FFIEC, etc.) and security standards (PCI, HITRUST, ISO 27002, etc.).
And here’s something else to keep in mind: this year’s Data Breach Investigations Report also noted that 76 percent of network intrusions exploited weak or stolen credentials. It’s important to have strong identity management in place to protect your most valuable data.