Are Corporate America's Networks Prepared to Fend Off Targeted Security Attacks?; Latest CSI, FBI Survey, Legislation and Breach Security Suggest Heightened Security Awareness & Security Practices.

CARLSBAD, Calif. -- Breach Security Inc., the provider of next-generation Web application security to protect privileged information, today underscored the results of several recent high-profile surveys, research and legislative action that encourage security professionals to take stock, and suggested action, while noting that doing little can have dire consequences for consumers and corporations.

Impact of security breaches, their source, and legislation

Today, with holiday purchases right around the corner, 41 percent fewer purchases are being made online as compared to last year. (Source: Conference Board survey, June 2005)

Information security breaches are reported at the rate of one every three days in the United States, with over half of the publicized incidents pointing to external hackers, according to Privacy Rights Clearinghouse's identification of compromised data publicized since February 2005.

Just recently the Computer Security Institute (CSI), with the participation of the San Francisco Federal Bureau of Investigation's Computer Intrusion Squad, released its 10th annual survey. The survey questioned 700 security practitioners from large corporations, government agencies, medical institutions and universities. Its results indicate organizations need to raise their level of security awareness because threats from computer crime and other information security breaches are real, with more sophisticated attacks on the rise as well as financial loss for the consumer and the enterprise. The survey notes that theft of proprietary information increased significantly, with the average loss per respondent more than double that reported last year.

Today, 20 states require organizations to notify individuals if sensitive information such as Social Security, driver's license and financial account numbers is reported to unauthorized people, and other states have introduced such legislation. (Source: Baker & McKenzie www.bakernet.com)

The increase in security reports and congressional hearings on computer security follows the watershed ChoicePoint event in February where cyber criminals obtained 145,000 customer accounts.
"With the public paying closer attention to identity theft, it becomes a societal issue of extreme importance," said Marc Shinbrood, CEO of Breach Security. "When companies typically contact us, it's following a targeted attack against their private data -- when they're working to determine where and how the breach occurred, how to fix it, and are addressing legislation requirements/issues about notifying internal and external customers. This, what we call the 'Exit Control Strategy,' takes on a heightened level of importance."

How security professionals can be more proactive

"Web applications have become essential parts of companies' business strategies," said Andrew Jaquith, senior analyst at the Yankee Group. "At the same time, targeted, malicious attacks against these applications are increasingly sophisticated. First generation Web application security solutions kept communications confidential using SSL. But encryption isn't enough; in today's climate, companies need solutions that protect the integrity and availability of Web transactions as well."

Web application security provider Breach Security suggests tips and best practices to help organizations "fend off" these targeted attacks -- even if they believe existing security measures are "working."

Security Tips, Best Practices

1. Understand that Web applications have become the weakest link in the security infrastructure of the organization. These applications are exposed to the world and provide cyber criminals with an unprecedented opportunity to extract critical privileged information from corporate databases.

2. Test applications for security defects during the development and QA cycles to identify and remediate areas of risk before the application is deployed.

3. Realize that even securely developed applications are at risk due to servers that are misconfigured and known vulnerabilities in middleware components, such as PHP scripts and ColdFusion objects.

4. Recognize the limits of network intrusion detection and prevention systems to defend against application-layer attacks on Web applications. Most cannot be customized for the unique vulnerabilities of each Web application. Further, many such systems do not support real-time decryption of SSL-encrypted Web application traffic and are blind to many application-layer attacks.

5. Implement a Web application protection solution with a positive security model and forensics capabilities. A combination of secure coding and a defensive prevention solution provides the most comprehensive protection against Web application attacks. Forensics capabilities are necessary to limit the scope of reporting requirements to the specific customers whose privacy data was affected rather than all customers who may have been affected. This step is an absolute necessity if an organization has been unsuccessful at implementing secure coding procedures or is using outsourced code in their application.

6. Prepare an Emergency Response Plan. One hundred percent protection against Web-based attacks doesn't exist. An Emergency Response Plan will provide the details for the steps to be taken should a breach occur. This will include details on what to do to identify and repair the application, what to do with the application while it is being fixed and how to notify customers whose privacy data was accessed.

About Breach Security Inc.

Breach Security Inc. provides next-generation Web application security to protect privileged information. Breach, a leader in the emerging market for Intelligent Web Application Security, addresses today's security needs by delivering solutions for enterprises and government agencies alike to comprehensively protect Web applications against attack and resolve security challenges such as identity theft, information leakage, regulatory compliance, and insecurely coded applications. Breach was founded in 2004 and is headquartered in Carlsbad, Calif. For more information visit www.breach.com.

Breach Security and the Breach logo are trademarks of Breach Security Inc. All other product names mentioned herein may be trademarks of their respective companies.