The biggest data breach threats to companies come from weaknesses that no patch can fix, such as the use of stolen credentials, SQL injection and the exploitation of application/system backdoors, according to Verizon.
While such weaknesses cannot be patched, they are preventable through well-known security practices, so risk management professionals should check that effective security practices are in place and that they are applied consistently and at all times.
Mark Goudie, managing principal (Asia Pacific) – investigative response, Verizon Business, said that one of the greatest challenges risk and security management professionals face is that much of the risk and security knowledge in use has been developed from common knowledge of the risks.
“We believe that many of these risks have been overstated (such as patching versus SQL injection) and that most organisations believe patching and antivirus will keep them safe,” he said.
“Antivirus software and patching are only a part of the security picture. Other security measures such as file integrity monitoring, intrusion detection/prevention systems and log monitoring must also be used and constantly monitored to ensure organisations are not compromised.”
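To make the controls Goudie names concrete, the following is an added example (not code from the article or from Verizon) showing file integrity monitoring and log monitoring applied to the threats named above: a tampered web root, a guessed or stolen password, and SQL injection. The sample files and log lines are constructed for the example; hostnames, addresses and paths are invented.

```python
"""Added example: file integrity monitoring and log monitoring, with
constructed sample data (not real files, hosts or log records)."""
import hashlib
import re
import tempfile
from collections import defaultdict
from pathlib import Path
from typing import Dict, List, Tuple
from urllib.parse import unquote

# ---- File integrity monitoring -------------------------------------------
# A baseline maps each file path to its SHA-256. A later scan compared
# against it shows a dropped file, an edited config or a deleted file.

def hash_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(root: Path) -> Dict[str, str]:
    return {p.relative_to(root).as_posix(): hash_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def compare_baseline(baseline: Dict[str, str],
                     current: Dict[str, str]) -> Dict[str, List[str]]:
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in baseline.keys() & current.keys()
                           if baseline[p] != current[p]),
    }

def fim_demo() -> Dict[str, List[str]]:
    """Baseline a constructed web root, tamper with it, rescan and diff."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "app").mkdir()
        (root / "app" / "config.php").write_text("<?php $db_pass = 'x';")
        (root / "index.php").write_text("<?php echo 'hi';")
        (root / "old.txt").write_text("stale")
        baseline = build_baseline(root)
        # simulate tampering: edit a config file, drop a new file, delete one
        (root / "app" / "config.php").write_text("<?php $db_pass = 'x'; // changed")
        (root / "new.conf").write_text("unexpected file")
        (root / "old.txt").unlink()
        return compare_baseline(baseline, build_baseline(root))

# ---- Log monitoring: guessed or stolen credentials ----------------------------
SSH_LINES = [  # constructed sshd-style lines
    "Mar 14 02:11:01 web1 sshd[4123]: Failed password for admin from 203.0.113.7 port 51122 ssh2",
    "Mar 14 02:11:03 web1 sshd[4124]: Failed password for admin from 203.0.113.7 port 51124 ssh2",
    "Mar 14 02:11:04 web1 sshd[4125]: Failed password for admin from 203.0.113.7 port 51126 ssh2",
    "Mar 14 02:11:06 web1 sshd[4126]: Failed password for admin from 203.0.113.7 port 51128 ssh2",
    "Mar 14 02:11:08 web1 sshd[4127]: Failed password for admin from 203.0.113.7 port 51130 ssh2",
    "Mar 14 02:11:09 web1 sshd[4130]: Accepted password for admin from 203.0.113.7 port 51140 ssh2",
    "Mar 14 02:12:00 web1 sshd[4140]: Accepted publickey for deploy from 198.51.100.4 port 40000 ssh2",
]
FAILED = re.compile(r"Failed password for (?P<user>\S+) from (?P<ip>\S+)")
ACCEPTED = re.compile(r"Accepted \w+ for (?P<user>\S+) from (?P<ip>\S+)")

def credential_guessing(lines: List[str], threshold: int = 5) -> List[Tuple[str, str, int]]:
    """Return (ip, user, failures) for each login that succeeded after at
    least `threshold` failures for the same account from the same source."""
    failures: Dict[Tuple[str, str], int] = defaultdict(int)
    alerts: List[Tuple[str, str, int]] = []
    for line in lines:
        m = FAILED.search(line)
        if m:
            failures[(m["ip"], m["user"])] += 1
            continue
        m = ACCEPTED.search(line)
        if m:
            key = (m["ip"], m["user"])
            n = failures.get(key, 0)
            if n >= threshold:
                alerts.append((key[0], key[1], n))
            failures.pop(key, None)  # a success resets the counter
    return alerts

# ---- Log monitoring: SQL injection in web access logs -------------------------
ACCESS_LINES = [  # constructed Apache combined-format lines
    '203.0.113.7 - - [14/Mar/2010:02:15:02 +1100] "GET /item.php?id=12 HTTP/1.1" 200 812',
    '203.0.113.7 - - [14/Mar/2010:02:15:09 +1100] "GET /item.php?id=12%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 9120',
    '203.0.113.7 - - [14/Mar/2010:02:15:31 +1100] "GET /item.php?id=12%20UNION%20SELECT%20user,pass%20FROM%20users HTTP/1.1" 200 4410',
    '198.51.100.4 - - [14/Mar/2010:02:16:00 +1100] "GET /search.php?q=band%20or%20orchestra HTTP/1.1" 200 300',
]
REQUEST = re.compile(r'"(?:GET|POST) (\S+)')
# classic shapes: quote followed by OR/AND, UNION SELECT, stacked DROP
SQLI = re.compile(r"'\s*(?:or|and)\b|\bunion\s+select\b|;\s*drop\b", re.I)

def sqli_requests(lines: List[str]) -> List[str]:
    """Return URL-decoded request targets that match a SQL injection shape."""
    hits = []
    for line in lines:
        m = REQUEST.search(line)
        if m:
            target = unquote(m.group(1))  # decode before matching
            if SQLI.search(target):
                hits.append(target)
    return hits

if __name__ == "__main__":
    print("FIM changes:", fim_demo())
    print("credential guessing:", credential_guessing(SSH_LINES))
    print("SQLi requests:", sqli_requests(ACCESS_LINES))
```

The last access-log line ("band or orchestra") is there deliberately: the rule decodes the URL and requires a quote before the OR, so an ordinary search term does not fire. In practice the baseline would be stored off-host and the rules fed from a central log collector, which is what "constantly monitored" requires.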
Commenting on Verizon’s US 2010 Data Breach Report, Goudie recommended that risk management professionals consider revisiting the threat posed by unpatched vulnerabilities.
For example, the report found that 60 per cent of breaches continue to be discovered by external parties – and then only after a considerable amount of time.
And while most victims have evidence of a breach in their security logs, the report found they often overlook them due to a lack of people, tools or processes.
Furthermore, the report found that most of the data breaches investigated were caused by external sources: 69 per cent of breaches were attributed to external agents, a sizeable 49 per cent to insiders and only 11 per cent to business partners (the figures overlap because a breach can involve more than one agent).
Many breaches involved privilege misuse, with 48 per cent attributed to users who abused their right to access corporate information for malicious purposes.
A further 40 per cent of breaches resulted from hacking, while 28 per cent were due to social tactics and 14 per cent to physical attacks.