The Green Sheet Online Edition
November 28, 2016 • Issue 16:11:02
Tripwire, Verizon advocate cyber-readiness
The National Retail Federation projected a 3.6 percent increase in 2016 retail holiday sales, and leading security firms are warning companies to protect their data. Recently published reports by Tripwire Inc. and Verizon Inc. suggest retailers can do more to safeguard physical stores and ecommerce sites. The Tripwire study, published Oct. 10, 2016, surveyed 763 information technology (IT) professionals, 100 of whom were in the retail sector. Verizon's 2016 Data Breach Investigations Report analyzed over 100,000 incidents that occurred in 2015, including 3,141 confirmed data breaches.
Tim Erlin, Senior Director of IT Security and Risk Strategy at Tripwire, cautioned IT professionals against complacency. "The increased scrutiny of retail cyber security in the wake of major breaches has forced organizations to focus on securing their environments, yet these survey results show that there's still a lot of room for improvement," he said.
Verizon's study found that 99 percent of reported cyberattacks in 2015 occurred within a period of hours but went undetected for weeks, sharply down from response times in 2014. "There is a dramatic decline in internal discovery and a corresponding increase in discovery by fraud detection in our dataset this year," the authors wrote.
Seven-point protection plan
Tripwire analysts recommend protecting physical and digital infrastructures with a seven-point plan established by the United States Computer Emergency Readiness Team (US-CERT). "When implemented across an organization, these controls deliver specific, actionable information necessary to defend against the most pervasive and dangerous cyberattacks," the company stated.
US-CERT strives for a safer, stronger Internet for all Americans by responding to major incidents, analyzing threats and exchanging critical cybersecurity information with trusted partners around the world, according to its website.
Following are the seven elements to address as part of US-CERT's protection plan:
- Accurate hardware inventory
- Accurate software inventory
- Continuous configuration management and hardening
- Comprehensive vulnerability management
- Patch management
- Log management
- Identity and access management
Tripwire cited the following data as evidence of the need for early, automated threat detection:
- 84 percent of respondents were confident they could detect intrusions on their networks, but only 51 percent knew exactly how long the detection process would take.
- 43 percent of respondents knew how long it would take their vulnerability scanning systems to generate an alert after detecting unauthorized entry on the network; 81 percent believed it would happen within hours.
- 51 percent of respondents believed their automated tools do not detect all necessary information, such as locations and departments, needed to identify unauthorized configuration changes to endpoint devices.
- 36 percent of respondents said less than 80 percent of patches succeed in a typical patch cycle.
Advanced tools, surveillance
Verizon and Tripwire advise IT professionals to use advanced security tools to protect against increasingly cunning cybercriminals. Verizon cited phishing as a dominant cyberattack method. As multilayered protections against phishing scams, the company proposed spam protection, list blocking, email header/attachment/URL analysis and reporting of suspicious emails.
The Verizon report encouraged companies to authenticate, segment, and monitor all devices, apps and personnel connected to their networks. Report authors also gently poked fun at the idea of enforcing best practices within a security department. "One can't really say 'don't screw up again', or 'pay attention to what you are doing, for Pete's sake,'" they wrote. "Nevertheless, there are some common sense practices that can be implemented to help keep errors to a minimum."
In addition, they recommended the following for reinforcing internal guidelines:
- Learn from your mistakes and implement new training materials for security awareness.
- Use data to map the most common errors to minimize frequency and mitigate damage.
- Implement procedures to wipe all assets containing data clean before you resell or trash them.