The following article is a guest post from Erik Grueter of docTrackr, which provides document security & tracking for enterprises. Some 41% of all security incidents this year hit application servers and digital documents. This shocking digital security trend was revealed by the Verizon Data Breach Report, a vast record comprising 47,000 of the most important security incidents, data leaks, and malware compromises. What does this mean? Simply, the servers that host web applications and email, along with sensitive documents like financial reports, tax information or employee data were among the most targeted digital assets on record.
With these statistics in mind, it’s tough not take a step back and reconsider how we protect our applications and data. Verizon reveals old security strategies that focus on protecting devices and networks aren't really cutting it anymore. A note on percentages reported below: since many incidents of data loss include multiple actions, it is possible for multiple actions to share the same piece of data loss. This means they both receive a percentage of the same data loss incident. The fact that these actions are not exclusive means there will be overlap.
Hacking and malware take the cake for the most common types of breaches. In the above graph “hacking” here refers to all attempts to intentionally access or harm information assets without authorization, including the use of stolen credentials, SQL injection, or back door installations. Malware encompasses a broad range of malicious software and unauthorized attempts to intentionally access digital assets. Social here refers to social engineering, a form of data theft that exposes the vulnerabilities of human error in security. Phishing campaigns, strange phone calls and in person visits from unauthorized persons all fit the bill. What constitutes a physical attack? Any attack that would require some in person presence to implement. Be it stealing a company device, hard drive, watching an employee type in a password, or hacking into an ATM machine. So what can you do to protect your software and data from compromise?
Turns out our data thieves are looking for quick money...shocker, we know. Verizon reports 75% of attacks are opportunistic, meaning they are easy to implement and designed to prey on the average, unsecured developer or company. Savvy companies have a number of ways to protect their digital assets without using spyware and antivirus technologies that rely on old malware lists to catch bad programs. New security solutions that protect digital assets at the data and application level take a different approach to security, here is how you can implement them.
Security applications that dynamically inspect web applications are highly effective at protecting against the most common forms attack. The difficulty of most attacks is low, applying stolen credentials to gain access to code, using SQL injection, buffer overflows, or brute force attacks are common and easy to employ. That’s why implementing an application security solution that can protect against these hacks can be a very effective fix. If an organization does not have the resources to conduct application security testing themselves, they should consider security testing as a service. In order to stay secure, give web based threats the respect they deserve. Firms can protect against the common attack types mentioned above, without pulling resources away from development.
Sensitive data & documents are also a major target for attackers. What can you do about it? Direct encryption is a good start. Most common doctypes have some built in encryption capability. Employees can enable this encryption on documents before they send it out over email, or store it on their machine. The power of directly encrypting documents is that they become secure when they are both moving from one party to the next, and being stored on a computer. This makes it much easier to protect a document from malware that reads email attachments, or looks for important files stored on your computer. You can also employ a document security solution. Having the power to directly encrypt, track, and manage documents beyond the security of your local network means your data will be safe from theft on any device. This is increasingly important given the proliferation of malware, and your inability to control the security environment of outside computers.
Some 41% of all incidents for the year can be attributed to hacking and malware. These threat actions continue to be the main drivers of data loss and application compromise, old network security methods simply do not cut it anymore. Malware is getting into local devices, and its reading unencrypted documents. SQL injection and other common types of application attacks are also happening in greater numbers. But there is no need to be gloomy here. Security has adapted. It is simply a matter of having the vision to adopt these new security strategies. Cloud delivered security is quick to implement, and highly effective at protecting from the most common types of attacks against businesses today. Implementing security might seem time consuming. Many smaller companies think their digital assets will not get compromised. Instead of thinking about the costs, think of security as a form of insurance on all the work you have created. You can't put a price on the knowledge your work is secure from theft or damage. Photo courtesy of: Stock. Xchng