Wednesday, February 4, 2009

Most common security violations

A while ago I came across an interesting recent report by Verizon Business, which describes the most common security problems that occurred during the past four years and caused considerable loss of information in enterprises.

The report shows that:
  • In 87% of cases, the problems could have been avoided through basic security measures.
  • In 66% of cases, companies did not know they were publishing sensitive information through their systems and websites.
  • In 39% of security breaches, business partners of the company (Partners) actively participated, a figure that has multiplied since 2004.
As you can see, so far I have mentioned only three of the most important points the document sets out; they are often considered trivial and overlooked, yet they are the keys for an attacker. On the other hand,
  • 73% of the weaknesses were due to external sources,
  • 18% were caused by internal staff, known as insiders.
Given this information, we can demystify the belief that the greatest damage is caused by external attacks (73%), perhaps carried out by a guy on the other side of the world sitting at his PC and drinking beer. Surprising as it may seem given this percentage, the damage from these attacks has a minimal impact.

This does not apply when the attack is carried out from within the organization: although the percentage is lower (18%), this type of attack causes more damage to the company because, in most cases, it is committed by personnel who know privileged and sensitive information of the company.

However, after reading these points, the question that marks the turning point on this issue is: could it have been avoided? The answer is a resounding YES.

The same report states that 87% of the problems could have been prevented through basic security, namely through the implementation of reasonable security controls designed precisely to prevent this important 87% of problems.

Another important point the document sets out is that 22% of the attacks occurred through the exploitation of vulnerabilities, of which more than 80% were known, i.e. they were not 0-day exploits, and a security patch fixing the weakness was already available.

This point in particular brings to mind the great noise caused, for example, by the Conficker worm, with its high infection rate in just a few days, taking advantage of a vulnerability in Windows platforms fixed in security bulletin MS08-067, or the recent vulnerability in Internet Explorer fixed in bulletin MS08-078, which many trojans are actively exploiting.

It is very important to know that some of the basic security measures that must be taken into account involve implementing and/or updating the enterprise's information Security Policy and monitoring the implementation of the measures it outlines; almost the entire solution to the security problems mentioned above is centered there.

Knowing what data exists, where it is stored and what value each item has according to the risk plan is also an issue to consider, because it is not possible to secure what is not known or whose location is not known.

We must try to adopt a strategy to secure the environment, or at least find a proper balance of security in it.

An interesting document that calls for an examination of the security problems that commonly arise, without neglecting the protection of an organization's most valuable asset, its information, which is often available to the public without anyone knowing.

Related Information:
Massive exploitation of vulnerabilities through servers ghosts
Malware attack via Internet
Commonly exploited security weaknesses
Whitepaper Ataques informáticos - Debilidades de seguridad comúnmente explotadas (in Spanish)


# Jorge Mieres
