Brief authors say most breaches today result from organizations stumbling on basic security practices

October 30, 2013



AMSTERDAM, Oct. 29, 2013 /PRNewswire/ -- RSA CONFERENCE EUROPE 2013

News Summary:

-- Expert consultants and security leaders from EMC, Raytheon and RSA assert that organizations large and small are recognizing they have a responsibility to improve their security posture not just for themselves but also for business and supply chain partners.

-- Security consultants report more organizations are commissioning security assessments on a proactive basis, not just following a breach.

-- RSA Security Brief highlights that basic security lapses still contribute to most security incidents.

-- New report identifies top areas for improvement and provides practical guidance on measures that deliver the greatest impact on organizations' ability to respond to cyber attacks and data breaches.

Full Story:

Authors of a new Security Brief released today by RSA, The Security Division of EMC (NYSE:EMC), titled "Taking Charge of Security in a Hyperconnected World" observe that more organizations are proactively improving their readiness for cyber threats. While concerns arise about the escalating threat environment, the report asserts that efforts to improve readiness and response capabilities are also driven by growing recognition among today's interconnected business communities that organizations must assume broader responsibility for protecting themselves and their business partners.

Authors of the new RSA Security Brief also claim that most breaches today result from organizations stumbling on basic security practices. Common problems found to contribute to most breaches include:

-- Neglecting "security hygiene" - In forensic evaluations following security attacks, missed software updates frequently surface as exploited vulnerabilities.

-- Relying exclusively on traditional threat prevention and detection tools - Most security teams still wait for signature-based detection tools to identify problems rather than looking for more subtle indicators of compromise on their own, even though traditional firewalls, antivirus scanners and intrusion detection systems (IDS) cannot discover the truly serious problems.

-- Mistaking compliance for good security - Most compliance mandates reflect best practices that should be interpreted as minimum standards, not sufficient levels, of security.

-- Inadequate user training - Many companies don't invest enough time and resources in user training, even though users today are the first line of defense against many cyber attacks.

The report's authors--all seasoned security consultants and leaders of corporate security operations centers--recommend that organizations proactively undertake objective evaluations of their security posture. Such evaluations can generate hundreds of recommendations for improvement. The authors contend that in most cases, 20% of recommended improvements will typically account for 80% of potential security benefits.

Depending on the unique needs of each organization, identifying which recommendations will yield the greatest impact can prove challenging. To help organizations determine which potential security improvements to prioritize, the RSA Security Brief identifies and elaborates on eight recommendations that, in the authors' experience, often deliver outsized positive results:
