You may be wondering what caused a security breach, or how it actually occurred, and also be totally unaware that you were not even targeted, but you merely fell prey to a random attack- At least, that’s what a recent report by Verizon indicates: Nearly eight out of ten cyber attacks in 2011 were committed against victims of opportunity rather than targeted users. This was just one of the many findings revealed in the report. Another finding shows that 97% of the time hackers use relatively simple methods in their security attacks.
Consequently, what you may be describing as a highly sophisticated security breach is most often a simple attack technique used by a hacker. However, the report does point out that these attacks become more sophisticated at a later stage after hackers gain initial access to your network or data. Security experts like Marcus Carey (researcher at Rapid7) also agree with this report. He says that there are hardly any credible reports showing a high percentage of advanced attacks. According the Carey organizations don’t necessarily have to be a big target to be attacked.
While on the positive side, this indicates that smaller organizations can protect themselves from security attacks relatively well by simply ensuring that their security fundamentals are taken care of, on the negative side enterprises which have invested on sophisticated security tools may end up failing drastically in meeting some fundamental security requirements.
What are these fundamental requirements?
According to Carey, organizations should focus on:
- Implementing proper vulnerability management
- Educating users about these requirements
- Implementing network-based access control lists
But not all sophisticated security solutions offer these basic capabilities. Very few solutions like eGestalt’s SecureGRC come with the ability to provide end-to-end security and support on an on-going basis. Designed to tackle all possible security situations whether fundamental or advanced, SecureGRC, unlike any other solution, ensures that all your security issues are resolved, and all requirements are taken care of.