As you will no doubt be aware, there have been numerous high profile incidents regarding the loss of data, specifically customer credit card details and other personal information from vendors including Adobe, Sony and the USA retailer Target, all of whom are alleged to have lost over 100 Million records EACH (unbelievable isn’t it).
The vectors for these attacks are many and varied, involving code delivered inside the network, weak administrative controls and passwords, exploitable code in applications used within the business, weak patching on web servers, the usual suspects; All of which we have covered in these blogs in the past.
It has been announced that as a consequence of the enormous breach, the CIO of Target, Beth Jacob has resigned from her position and that the retailer will review its security from the ground up, which, by the way, it had already been advised to do before the breach.
What all of these breaches show is that it matters not what the attack vector is, it is the DATA or the ASSET that is important.
Unless you identify what your critical assets are, it is impossible to manage the provision, operation and management of appropriate security controls for those assets.
ITC’s five step programme to Infrastructure Security is predicated on an Asset Model to identify the data or systems which require special attention and to gather logs from these systems and supporting infrastructure, perform regular vulnerability scanning and to use our NetSure360⁰ Security Management (SIEM) system to use this information to identify and prioritise alerts accordingly.
Whilst we love security technology (these five steps are underpinned by some groovy systems after all), the overwhelming volumes of log data from security systems specifically is rendered useless by information overload especially when applied generically to all assets.
We would love to explain this simple five step approach to you and make your work a safer place. If you would like to know more please contact us at: [email protected] or call 020 7517 3900.
At the end of the day, it must be remembered that Target’s Beth Jacobs has been a victim of circumstance and villainy and we wish her well.