Data Breaches: Small Business Edition
- Date: May 04, 2016
- Author: Brad
- Tags: data breaches, digital forensics, incident response, report
- Categories: DBIR, Forensics, News, Services
2016 Data Breach Investigations Report: Small Business Owner Cybersecurity Edition
Every year, Verizon partners with various public and private sector entities to create this annual investigative report. It covers real-world data breaches and computer security incidents from the prior year. The 2016 Data Breach Investigations Report (DBIR) covers data from 2015, and this is the eighth (8th) year for this annual report.

**Disclaimer: This blog post is for informational purposes only and should not be construed as legal advice. You should always contact your legal counsel or attorney for legal advice. This list is not inclusive and is merely an informational guide.**

Every year when this report is published, there is a security frenzy. We want to focus on just a few key points in this report that the small business owner (SBO) can use to improve his/her security posture.

So why this report? The contributors include law enforcement and various organizations that have been on the front lines of cybersecurity. In other words, this data is culled from reputable sources of real-world data breaches and computer security incidents. Take 30-60 minutes to review this report and consider how you can build these metrics into your business' computer security model. If you need a security risk assessment, contact us.

So what do you need to know about data breaches and securing your small business? Focus on the basics. What attackers used in 2014 to hack into organizations worked in 2015, and will continue to work in 2016.

Data Breaches: Breach Trends
Yes, the majority of breaches come from an external source rather than an internal one. However, you cannot rule out internal sources: the insider threat, whether intentionally or unintentionally, can leak your organization's data. Financial gain is still the primary motive for an attacker breaching your business' computer infrastructure. The User Device and Person categories are beginning to trend upwards, which means attackers are targeting your endpoints and end users more and more. Phishing and other malware-related campaigns target the human (the weakest link in the security chain).
Points of Focus
Credentials
The majority of confirmed data breaches involved default, weak, or stolen passwords. This continues to be a consistent trend we see when investigating a computer security incident. This is nothing new or groundbreaking, but something everyone has heard in some form or another. In this cat-and-mouse game, it is important to regularly change passwords, remove default credentials, and have strong passwords. Yes, special characters, upper/lowercase letters, and numbers are important. However, password length is VERY important. We recommend you use a pass-phrase consisting of 12 characters minimum.

Phishing: Don't fall for the email scams
Email phishing is still very successful at getting malware onto your endpoints (PCs). Phishing is a form of social engineering where the attacker attempts to steal information or trick the user into clicking on a URL. Once the user clicks on the URL, malware is downloaded and installed on the computer. If you run a medical practice, email phishing can be costly. Ransomware continues to be very costly to businesses and continues to be delivered through email phishing campaigns. The FBI has some advice on protecting yourself from ransomware.

Vulnerabilities: old vulnerabilities are still being exploited and targeted by attackers
New vulnerabilities are identified daily. Just as you would complete a product inventory or audit business supplies, an IT asset inventory is a MUST. How can you manage, protect, and identify vulnerabilities if you do not know what technology assets you have on your network? So, start with an accurate IT asset inventory. Next, work with a reputable IT vendor to identify vulnerabilities and complete a patch management plan.

Closing
If you are a small business owner, partner, executive, and/or a stakeholder in your organization, cybersecurity must be discussed in your boardroom. We recommend you start by reviewing this report, so you have real-world data to develop a cybersecurity culture within your organization. Identify your biggest risks and develop cost-effective solutions for improving your cybersecurity posture. Contact us as we are happy to help!

Train and empower your employees! Your employees are your first line of defense! Educate them about the risks associated with using your small business' information technology systems and what they should do when they see something.

Source: Verizon 2016 Data Breach Investigations Report