Brian Royer, writing over at Dark Reading, hits on a subject that I’ve been talking about more and more lately.
Since the release of Verizon’s 2012 Data Breach Investigations Report, I can’t help but think that in most cases it’s not IT that will keep users safe, it’s a combination of management and best practices. The Verizon report revealed that 97% of data breaches evaluated by the telecom giant in 2011 were avoidable and did not require hackers to possess special skills, resources or customization. And it found that the majority (30% of breaches, impacting 84% of records breached) was the result of stolen login credentials.
Brian’s point, and the one that I make frequently, is that security today is much more about the processes and practices in place in your organization than it is about the technology in place. Modern technology environments likely come with everything necessary to prevent the vast majority of attacks that you will see. Heck, the wireless router you pick up at your local big box store likely has firewall, IDS, and IPS technology built into it for less than $50.
So what differentiates the people that are compromised from those that aren’t? Process. Organizations whose processes are backed up by policies and built on best practices are using the technology in ways that keep them safe.
This isn’t to say that you’re 100% safe if you have good processes and practices – there’s always the chance that there is someone out there determined enough to try to get in, and a determined enemy is your worst enemy. However, based on the data that we have, good policies and best practices will go a long way toward keeping you safe.
If you’re not sure if you have the right policies and best practices in place, take a moment and take our risk-free Security Survey.