Exposing the five common data breach myths

To help you decipher fact from fiction, Jody Brazil, President and CTO of FireMon, reveals the biggest myths that exist about data breaches, and explains how and why they occur…

We live in the age of the data breach. It seems that every day we hear about yet another breach of a computer network, resulting in the theft of confidential or sensitive information; both within the security industry and in society. In general, we are in a constant search for a solution to this problem.

However, many in the security industry have become so disillusioned by failure that they think that a breach is inevitable and the primary focus should be on detection and response as opposed to prevention. In truth, there is no single, simple answer and giving up is not a viable alternative. To help, here are the five myths that exist about data breaches:

Myth #1: “Most threats and attacks are very sophisticated”

With today’s advanced persistent threats, zero-day exploits and sophisticated targeted attacks, it has become fashionable to throw up our hands, feeling helpless against these new classes of attacks. Some security professionals advocate that we will not be able to stop these kinds of attacks and we should plan for what to do when they do happen, rather than trying to stop them.

While there is no doubt that trying to stop these kinds of attacks is very difficult, the fact is that according to the Verizon Data Breach Report of 2013, a staggering 99% of all breaches were not complex. In fact, the majority could have been stopped with simple or intermediate controls. For every zero-day attack that hits the headlines, there are 80 or more attacks and breaches caused by known vulnerabilities or threats. What’s more, the vast majority of victims are the result of an opportunistic rather than a targeted attack.

Myth #2: “Network controls are useless since all attacks now are layer 7 application level attacks”

Oh, how the web app security vendors would love us to believe this one. But alas, this is another myth around data breaches. While many attack attempts come in via port 80 – the port used by web traffic – it does not mean that existing technologies in network security could not be used to block them. A firewall, for example, can be used to stop web-based attacks. Blocking via IP address, white-listing IPs and other firewall configuration management techniques can block many application layer 7 attacks, despite popular myths to the contrary.

Instead of putting so many resources into preventing a data breach, the tendency is to put resources into incident discovery and breach response
www.vital-mag.net | September-October 2013