Cybercrime targets smaller organizations

A recent Data Breach Investigation Report (DBIR) from Verizon notes that 98% of data breaches stemmed from external sources using hacking techniques (81%) and malware (69%).  About 79% of the data breaches were directed at “targets of opportunity”, typically smaller organizations that are vulnerable through an “exploitable weakness”; most attacks were performed using relatively unsophisticated methods.

Of the breaches investigated, 94% involved computer-network servers; 85% took weeks or longer to discover.  Of those discovered, “97% were avoidable through simple or intermediate controls”.

Wade Baker, Verizon’s security research director, told London’s The Inquirer that cyber-criminals target small and mid-sized organizations since larger enterprises are well defended.

Basic suggestions:

• Scan emails for malware and threats
• Require complex passwords that change frequently
• Restrict access-control and review event logs periodically
• Deploy a physical firewall and maintain/update it periodically
• Restrict web-surfing, especially on computers with access to sensitive data
• Install malware-prevention software, update it continuously, and scan often
• Train employees on proper security policies and common threats

(Note: These are areas where Bryley Systems can help; please call us at 978.562.6077 or email Info@Bryley.com.)

See CSO’s Thwarted by Security at enterprises, cyber criminals target SMBs for comments and suggestions.

Visit http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf  summary.