Keep IT security simple

Published 23 September 2008

New study of corporate security breaches says that 87 percent of all security breaches could have been avoided “if reasonable security controls had been in place at the time of the incident”

Information security experts keep insisting that the most effective way to lock down systems is to follow the simplest security procedures, the kind that have been around for years but that many organizations rarely follow. NextGov’s Allan Holmes writes that driving that point home is yet another report on security breaches, this one from the Verizon Business Risk Team, which studied 500 security breaches that occurred between 2004 and 2007. According to its 2008 Data Breach Investigations Report, 87 percent of all security breaches could have been avoided “if reasonable security controls had been in place at the time of the incident.” The team called this conclusion “perhaps the most significant statistic coming out of this historical analysis ….” (Unfortunately, Verizon waited until page 26 of the 27-page report to make this observation.)

Verizon Business recommended that organizations make sure they follow already-established security policies and procedures (59 percent of all breaches occurred at organizations that had security policies but for whatever reason did not follow them), implement the most obvious controls first (83 percent of all attacks were not considered very sophisticated), and monitor their logs (82 percent of all attacks could be seen coming due to events listed in the logs).

As Verizon Business reported, these recommendations are not sophisticated and “lack the panache of new gizmos,” but they work.