From a Corporate Perspective
Breaking all records, there have been 551 confirmed data breaches and over 150 million records compromised in 2015. In 60% of cases, attackers were able to compromise data within minutes. It is no longer adequate for enterprises to react once an alert indicates they are under attack.
How effective is your corporate security strategy at hunting and detecting signs of compromise?
A new approach is needed — one that turns defense into offense.
With record numbers of companies transmitting data in encrypted formats, one would assume that the number of breaches should be going down, but in fact breaches are increasing. Understanding how cyber criminals think is the first step to actually stopping your company, or you individually, from becoming the next statistic.
Step 1: Protect "data at rest" with the same vigor as "data in motion." Data at rest requires encryption at the keystroke level, which addresses one of the most prevalent attack schemes used by hostile nation states as well as independent hackers. Providing an end-to-end encryption strategy would have eliminated 80% of all breaches that occurred so far this year.
Step 2: Have an effective "End-Point Detection" system in place. Focus on proactive Indicators of Attack (IOA) vs. Indicators of Compromise (IOC) to gain maximum oversight into all adversary activities: reconnaissance, exploitation, privilege escalation, lateral movement and exfiltration.
Step 3: Attract and train skilled IT security staff, and also address the habits of all network users. Organizations have a serious "people problem" when it comes to securing networks and data. Employee actions resulting from negligence, ignorance, malice, misplaced trust — or just curiosity — have a hand in many security breaches.
From a Consumer Perspective
Step 1: Admit our data is already in the hands of bad guys and already being bought and sold.
Step 2: Employ an Identity Monitoring Strategy that encompasses ALL the usages of our identities. Seventy percent of illegal usage of identities is non-credit related, so while Credit Monitoring is a part of an effective strategy, it is by no means enough. For example, criminals use our identities to hide and illegal aliens use our identities to gain employment. In these instances, monitoring utility companies and Department of Motor Vehicle records is imperative to catch these types of fraudsters. Secure Identity Systems monitors over 1,500 databases through a program called Total Identity Monitoring™ to provide the most comprehensive monitoring solution in the marketplace today.
Step 3: Protect ALL computing devices. To protect your smartphone, tablet and computer, you should start with basics, such as:
- Make sure all programs are always running the latest versions. Software makers regularly patch vulnerabilities and it is critical that we have the latest patches.
- Run the latest version of antivirus protection
- Encrypt your keyboards! Account takeovers hit record numbers this year and a primary source of this is through key-loggers that unfortunately antivirus programs do not often detect. Key-loggers remotely record all your keystrokes as if they were standing over your shoulder watching you log in to pay bills, etc. So using a program like StealthType is critical to secure your keyboards.
Employ all the above tactics to reduce your risk of being breached and catch illegal usage of your identity at the earliest possible stages to limit damages. We cannot eliminate all the bad players out there, but we can play smart and make ourselves the most difficult possible target.
Bryan Ansley is CEO of Secure Identity Systems, which provides financial service companies with identity theft protection solutions. He can be reached at 877-304-3349 or BAnsley@SecureIdentitySystems.com.