Takeaways from PCI DSS 2016 Data Breach Trends
Let’s see what we can learn from this year’s data breaches. Read our data visualization: 2016 PCI DSS Data Breach Trends.
We analyzed the breached organizations our forensics team investigated this past year to see what trends and patterns emerged in 2016. By looking at past data breaches, we can help organizations protect themselves against future ones.
SEE ALSO: 2016 Data Breach Predictions from SecurityMetrics PCI Compliance Guide
Here are a few trends we discovered:
The vulnerability window is still wide open
The average breached organization was vulnerable for 1,021 days. That’s a lot of time for hackers to find a way into your network. The problem many organizations have is that they don’t realize they’re vulnerable until it’s too late and they’ve already been breached.
- Install intrusion detection/prevention systems: these systems can help you spot and stop potential breaches before they happen
- Pay close attention to your firewall logs: make sure your organization looks into it when someone tries to log into your network 1,000 times at 3 in the morning
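As an added illustration of the second point (example code, not from the original post), the script below reviews constructed firewall login log lines, flags a source that fails repeatedly inside a short window, notes whether the burst happened in off-hours, and whether a successful login from the same source followed it. The log format, IP addresses, event names and thresholds are all assumptions; adapt the parser to your firewall’s real format.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not from the original post) in a simple
# "<date> <time> <src_ip> <event>" shape; real firewall/VPN logs will differ.
SAMPLE_LOG = """\
2016-03-04 03:01:10 203.0.113.7 LOGIN_FAILED
2016-03-04 03:01:12 203.0.113.7 LOGIN_FAILED
2016-03-04 03:01:15 203.0.113.7 LOGIN_FAILED
2016-03-04 03:01:19 203.0.113.7 LOGIN_FAILED
2016-03-04 03:01:22 203.0.113.7 LOGIN_FAILED
2016-03-04 03:01:30 203.0.113.7 LOGIN_OK
2016-03-04 10:15:00 198.51.100.2 LOGIN_FAILED
2016-03-04 10:15:40 198.51.100.2 LOGIN_OK
"""
LINE_RE = re.compile(r"^(\S+ \S+) (\S+) (\S+)$")

def parse_line(line):
    """Return (timestamp, src_ip, event), or None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"), m.group(2), m.group(3)

def find_login_bursts(log_text, max_failures=5, window=timedelta(minutes=10),
                      off_hours=range(0, 6)):
    """Flag source IPs with max_failures or more LOGIN_FAILED events inside one
    sliding window; note off-hours timing and any later LOGIN_OK from that IP."""
    failures, successes = defaultdict(list), defaultdict(list)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip malformed lines rather than abort the review
        ts, ip, event = parsed
        (failures if event == "LOGIN_FAILED" else successes)[ip].append(ts)
    alerts = {}
    for ip, times in failures.items():
        times.sort()
        for i in range(len(times) - max_failures + 1):
            start, end = times[i], times[i + max_failures - 1]
            if end - start <= window:
                alerts[ip] = {
                    "failures": len(times),
                    "off_hours": start.hour in off_hours,
                    "followed_by_success": any(t > end for t in successes[ip]),
                }
                break
    return alerts
```

A burst of failures followed by a success from the same source is the case worth escalating first, since it may mean the guessing worked.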
Insecure remote access is still a huge issue
39% of breached organizations were breached through insecure remote access. Hackers love it when organizations use remote access, because it’s often not fully secured, giving them an easy pathway to sensitive data. While working from home may be more convenient for your employees, if you’re not securing it properly, you’re putting your data at risk.
- Limit which employees have remote access: not everybody in your organization needs it, and limiting access reduces potential vulnerabilities
- Implement multi-factor authentication: usernames and passwords can be easily guessed, so have employees use a code sent to their phone, or have them call someone to open remote access for them
Password security is weak
22% of breached organizations were breached through weak passwords. For many organizations, it’s easier to use simple passwords and share passwords among systems. While that may be convenient, it’s terrible for security. Passwords made from common dictionary words are easily guessed by hackers and can be cracked with the right tools.
- Do NOT share passwords: each of your systems should have its own unique password, so if one is breached, it doesn’t put the rest at risk
- Use a passphrase: several words separated by spaces
Firewalls aren’t configured properly
89% of breached organizations had a firewall in place at the time of compromise, and 44% of those firewalls didn’t meet PCI requirements. Firewall rules need to be configured to meet PCI requirements. Having a firewall doesn’t automatically make your organization more secure, especially if you don’t define and review the firewall rules.
SEE ALSO: Firewalls 101: 5 Things You Should Know
- Configure your firewall to filter inbound and outbound traffic: make sure your firewalls aren’t letting in, or out, traffic you don’t want
- Consider managed firewall services: configuring firewalls is a technical process, so having a third party manage your firewall may be a good step
What can we learn?
The things to remember from this year are password security, secured remote access, and PCI compliant firewalls. Make sure your firewalls perform properly and are configured for your organization’s unique environment. You should also implement policies on password and remote access security, and consistently train your employees on them.
In general, organizations need to be more aware of the state of their data security. If you have the mentality that a data breach will never happen to you, it’s likely already happened.
Want to learn more about our PCI forensic investigation results from 2016? Check out our data visualization: 2016 PCI DSS Data Breach Trends.