7 simple steps for thwarting hactivists
By Carolyn Duffy Marsan
March 22, 2012 — Network World — More data was stolen from corporate networks last year by hactivists than by cybercriminals, according to a new report from Verizon.
The Verizon 2012 Data Breach Investigations Report includes analysis from 855 cybersecurity breaches worldwide that involved 174 million compromised records. More than half -- 58% -- of all data that was compromised last year was the result of politically-motivated attacks rather than those motivated by financial gain.
Verizon said most data breaches could be avoided if network managers followed best practices in information security.
Here are seven tips that Verizon says will help CIOs avoid hactivist-style attacks as well as thwart cybercriminals:
1. Protect your servers.
Verizon found that 94% of all data compromised last year involved servers, rather than end devices such as laptops or smartphones. So while CIOs are worrying about mobile device management and employee "Bring Your Own Device'' policies, they ought to be paying more attention to the physical and cybersecurity of servers that contain personally identifiable information or intellectual property.
2. Get rid of unnecessary data.
Corporations tend to collect too much sensitive data in the first place, and then they fail to delete it when they no longer need it. All organizations need to have strict policies for retaining as little data as necessary to meet regulatory requirements. They need to know what data must be retained and where it is located so they can keep it secure.
3. Look at your logs.
Many corporations have security software that is network access and other logs, but they don't have automated tools for analyzing the logs and finding vulnerabilities or breaches. CIOs need to dedicate IT staff to monitor and mine event logs for evidence of network or server break-ins. Unusual network activity can be a sign of malware that collects, monitors and logs the actions of users as a way of gathering user names and passwords. Log monitoring also can identify a common attack known as SQL injection.
4. Use two-factor authentication.
Having a two-factor authentication system for access control - such as passwords and an access card - reduces the risk of hackers breaking into servers with stolen user names and passwords. It's also important to have strict password policies such as complex passwords, regularly changing passwords and limiting failed login attempts. Another suggestion is to use IP blacklisting to restrict access to servers.
5. Beware PC Anywhere.
Tools that provide remote access to employee systems such as PC Anywhere are commonly used by hackers as an unlocked backdoor into corporate systems. Network managers can use IP blacklisting to block which systems have access to these tools as well as egress filtering to prevent sensitive information from flowing out of a corporate network. Data loss prevention and intrusion detection systems can help, too.