It will never happen to us. We know what we are doing. We are too small to be a target. Besides, we have a firewall, intrusion detection system and some really talented people in place to protect us from these so-called hackers. We are good. Technology always works and we just let it sit and run. We are good to go!
Think again my friends.
The Verizon 2010 Data Breach Investigation Report, along with the Secret Service, compiled some interesting data. And you know what, it seems common trends affect all sizes and shapes. These trends are people and the mistakes they make.
The statistics also outlined some interesting facts. 85% of attacks were not considered highly difficult, 86% of victims had evidence of the breach in their log files and 96% of breaches were avoidable through some simple intermediate control. What does this really mean? People, people and more people are making these mistakes. People will continue to make mistakes, with good or bad intentions, and these will be made at small and large corporations alike. There are no differences. Hackers are constantly scanning the Internet and harvesting information looking for weak entry points. These entry points are gateways to large, small and companies in between. Hackers are equal opportunists. They don’t discriminate.
So, what can you (we) do?
Check, double check and check again. We need people to be diligent and to have checks and balances in place. We all make mistakes. We should try to get to a point where auditing, formal review and diligence work towards aligning the technical aspects of information security along with the often flawed element of people. It is not an easy task, but do we really have a choice?
Tim Trow is a Senior Consultant at Zensar.