Thanks to our friends at Alert Logic for contributing this article to our blog.
Back in June, we took a look at some of the major breaches of 2014. We chose Heartbleed, the eBay breach and the data breach at University of Pittsburgh Medical Center (UPMC), mainly because of the magnitude of the breaches, the diversity of the threats and the amount of coverage these breaches received.
Since June, there’s been no shortage of additional data breaches. Here’s a random sample, just for retail organizations in the United States.
- Possible data breach at Dairy Queen potentially affecting consumers in at least eight states
- In mid-August, JP Morgan Chase was likely a victim of a zero-day attack
- An attack at Community Health Systems potentially compromised personal data of more than 4.5 million patients
- Malware was found at 51 UPS Store Inc. locations in 24 states
- Data breach at Supervalu supermarkets and liquor stores, including Cub Foods, Albertsons, ACME Markets, Jewel Osco, Shaw’s, Star Market, Farm Fresh Supermarket, Hornbacher’s, Shop ‘n Save and Shoppers Food and Pharmacy
- Sporting goods and outdoor gear retailer REI announced a breach where attackers obtained consumers’ email addresses and passwords
We could keep going … Jimmy John’s, Goodwill, StubHub, NASDAQ, Legal Sea Foods, Home Depot and many others have all been known or alleged victims of data breaches since June as well. And we could easily double (or triple or quadruple) this list if we included examples from other industries (e.g., government) and other parts of the globe.
In a couple of webinars we hosted earlier this year on the Target data breach and our own Cloud Security Report, we predicted that 2014 was going to be a bad year for retailers and offered a few suggestions why, including:
- Easy access to malware via the Internet
- Evolving and more sophisticated malware
- More organization and coordination by attackers
Should you be worried that your organization could be the next victim of a cyber attack? We think so. As Andy Grove from Intel said many years ago, “Only the Paranoid Survive.” If you are a little paranoid, one easy way to add defense-in-depth layers is to protect your systems, networks and applications with log management, intrusion detection and web application firewall solutions. Examples of how these tools can secure your datacenter layers include:
- Detect failed login attempts from known/unknown actors
- Detect registry setting changes in applications
- Detect new services started or stopped on a given host
- Detect brute force attacks and brute force attempts
- Signatures can detect intrusions and possible data leakage
- Detect attempted attacks and data exfiltration
- Scanning can identify potential vulnerabilities
Web application firewall:
- Detect attempted compromise and block if inline
Of course, tools are just one part of protecting yourself. You need people to manage them by updating content and monitoring them for alerts, and you need to build and follow processes such as creating access management policies and adopting a regular patch management approach. Even doing the basics, though, can help. Part of not being a victim is not being easily vulnerable. Just like the burglar who passes on robbing the house with a home alarm system, many attackers will pass on organizations that have security layers in place and look to find the easiest, most vulnerable targets to focus on.