The long-awaited Verizon 2014 Data Breach Investigations Report is out and it’s well worth reading.
While the report’s portrayal of our (in)secure IT world is dismal, the finding that 92% of security incidents from the past decade can be categorized into one of nine "threat patterns" makes it surprisingly relevant.
Out of the nine threat patterns, the three I found most interesting were user errors, insider and privilege misuse, and physical theft or lost devices. Each of these three areas is distinctly less sexy – but more realistic – for most companies than an army of evil hackers from Nation X.
Within these threat patterns, the report mentioned four simple takeaways worth remembering. I pulled the texts below as direct quotes, with the page numbers:
- Know your data – “The first step in protecting your data is in knowing where it is, and who has access to it. From this, build controls to protect it and detect misuse.” (page 26)
- Encrypt it before you lose it – “Considering the high frequency of lost assets, encryption is as close to a no-brainer solution as it gets for this incident pattern.” (page 28)
- Get systematic with your data – “Highly repetitive and mundane business processes involving sensitive info are particularly error prone.” (page 29)
- Start making steps – “organizations can take steps to decrease the frequency of all manner of accidents by reducing their exposure to the common error patterns that result in data disclosure.” (page 31)
So there you have it. On each of these four points, Safetica offers viable help, with its DLP, encryption, and activity monitoring capabilities. I recommend reading the full report online or, at a minimum, reading the SecurityWeek summary.