Security : Data Breach : :
Breach Tactics May Change But Targets Remain the Same
The Identity Theft Resource Center recently released a report of nearly 400 security breach incidents so far in 2014 which put sensitive credit card data and other information at risk. Affected organizations included retailers, healthcare providers and universities.
Csaba Krasznay, Shell Control Box Product Manager at BalaBit commented that, “while the breach tactics may change, targets of breaches affecting many people don't really change in time - targets are still sensitive data such as credit card information, user accounts, social security numbers, etc. Root causes of successful cybercrime attacks are usually the same: victims have badly configured security systems, insecure custom software and unaware employees.”
“Exploiting the mixture of these ingredients, even an individual attacker with basic hacking skills can get access to a system -- but organized cybercrime gangs using zero-day malware are irresistible,” he explained. “We have to realize that victims typically use IT heavily for their services and have thousands of customers but IT is not the main focus in their daily operation therefore information security is not the main pain point for them. These organizations are easy prey nowadays and they should realize the fact that times are changing and today customer satisfaction relies heavily on information security.”
Krasznay continued, “It is time to implement security culture, IT risk management and a well-functioning layered defense for everyone who handles thousands of users’ data and financial information! But I emphasize the one important lesson to learn is that if someone wants to hack into our system, he or she will hack into our system for sure.”
“It doesn't matter how deep an attack would be. Organizations should be ready for proactive security by implementing intelligent security solutions – for example, user behavior analysis, anomaly detection; preventing or block malicious user actions before they happen; and being ready for the worst case, record all the activities and attacks in audit trails to support forensic analysis.”