Monday Morning Quarterback: Data Breaches

Super Bowl 50

Living in the San Francisco Bay Area right now is quite an experience with Super Bowl 50 being only a few miles from our office. You cannot go to the grocery store, get gas (or petrol for our “American football” friends in Europe and Asia) or head to your local favorite restaurant without being bombarded with Super Bowl advertisements, visiting fans and a lot of bad traffic. Being a Philadelphia Eagles fan I cannot say I have a specific team I am cheering for this weekend though I can say good luck to you San Francisco with Chip Kelly as your new head coach. Anyway…

A favorite pastime amongst football fans after a game is to “Monday morning quarterback” your team (or someone else’s team) and explain how “if only I was the coach…”. This same pastime can be applied to data breaches, as hindsight is always 20/20. Instead of taking a specific data breach, belaboring the timeline and stating things like “here’s where they went wrong” or “this was a key indicator that they missed”, let’s look at data breaches in general and the commonalities that run through all of them. Let’s also talk about some other interesting data points that can help us Monday morning quarterback our way through a data breach. Without further ado, here are my three things that could be done differently to lower your chances of a data breach.

1) Test your network

Don’t take marketing data sheets at their word. You need to validate the security of your network for yourself and report security coverage holes to the vendors from whom you purchased the products. Security efficacy issues in security products are not a new topic. ICSA Labs, an independent third-party testing lab, published a 20-year study titled ICSA Labs Product Assurance Report on how products submitted to them for testing performed. In this report, ICSA Labs outlined that it took an average of 2-4 testing cycles for a security product to pass for the first time. Also, the initial pass rate was only 4%. Even with additional testing cycles, not every product met the testing requirements. Pass rates vary depending on the technology; however, overall an average of 82% of products submitted for testing achieved certification from ICSA Labs. This means that you could be left with holes in your security coverage that you don’t know about unless you are taking proactive steps to find them.

2) Patch your systems

Not all breaches take advantage of the latest and greatest vulnerabilities (i.e., zero-days). Make sure you are not focusing only on new security vulnerabilities. The Verizon 2015 Data Breach Investigations Report (DBIR) found that when attacks exploit a known vulnerability, 99.9% of the exploited vulnerabilities were compromised more than a year after the associated CVE (Common Vulnerabilities and Exposures) ID was published. This highlights the need to develop security policies and procedures for installing patches and updates in a timely manner on existing infrastructure (both endpoints and network devices). If your systems are properly patched, you have limited the threat landscape available to an attacker.

3) Get Third Party Validation

Even if you have a dedicated security or security operations team, it only makes you more secure to have a third party validate your environment. When I worked in healthcare, we did this every six months in order to stay in compliance with HIPAA requirements, and it helped us address issues before they became nightmares. Spirent SecurityLabs has a wide range of security consulting services that can meet your needs, from web vulnerability assessments to network penetration testing. The results you get from this team will help your internal team resolve issues before they become a liability.

In Summary

Nothing can prevent a data breach except for maybe cutting the network cables that connect your organization to the Internet. As the world we live in puts demands on companies in ways that make this impossible, the next best thing is to make yourself and your network a very hard target for the attacker.

  • Take proactive steps to ensure you are not the next one on the front pages of magazines or have to explain to your board members why you didn’t have the right security policies in place to protect your organization. 
  • Test your network. 
  • Patch your systems. 
  • Get third-party validation. 

Empower yourself and your organization and be proactive in your security.


