Saturday, April 9, 2011

March - The month of attacks and breaches

March was full of major attacks and breaches. Here are some of them:


These attacks show that adversaries continue to find ways to exploit systems, applications and networks, and that organizations need to rethink their strategies for defending against them. They also show that adversaries are still looking to extract sensitive information or disrupt systems for their own gain.

Many organizations have suddenly started to realize that even they hold important data that is valuable to attackers. They now realize how easy it is for attackers to take that data. They now realize that their investment in information security (in both process and people) is just not enough. They now realize that management commitment to information security is not enough. They now realize that they need to do more.

Organizations should go back to basics and start by identifying their critical data: where it is stored, who owns it, who has access to it, what the risks are, what security mechanisms are in place and how to improve them. Organizations should concentrate more on preventive techniques and implement strong monitoring mechanisms as additional controls.

Organizations must also realize that if we don’t start doing it now, we will be forced to do it through more regulations by the government and other entities.

OK, so that was March. How does April look? Not good: there are already two reports of high-profile intrusions.


