2014 DBIR: How to Best Defend Against Nine Attack Patterns - Part 2 of 3


In part two of this series, learn about how organizations can protect themselves from the nine attack patterns identified in this year’s Verizon Data Breach Investigations Report. In addition to the top seven security recommendations, Verizon outlines specific steps to take against each of the nine patterns. Learn more in future installments about which of the nine attacks are most prevalent by industry. Download the full report here: http://vz.to/DBIR2014 View part 2 in this series here: http://www.slideshare.net/VerizonEnterpriseSolutions/2014-dbir-cyberthreats-by-industry View part 1 of this series here: http://www.slideshare.net/VerizonEnterpriseSolutions/2014-dbir-slideshare-9-attack-patterns-4-29-14

Published in: Technology, Business

  1. 2014 DBIR: How to Best Defend Against Nine Attack Patterns
     Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.
  2. Seven Key Recommendations
       • Be vigilant.
       • Make your people your first line of defense.
       • Keep data on a ‘need to know basis’.
       • Patch promptly.
       • Encrypt sensitive data.
       • Use two-factor authentication.
       • Don’t forget physical security.
  3. POS Intrusions
     How can you defend against attacks?
       • Restrict remote access.
       • Enforce strong password policies.
       • Reserve POS systems for POS activities.
       • Use two-factor authentication.
     Our solutions
       • PCI professional security services
  4. Web App Attacks
     How can you defend against attacks?
       • Use two-factor authentication.
       • Consider switching to a static CMS.
       • Enforce login lockout policies.
       • Monitor outbound connections.
     Our solutions
       • Application Vulnerability Assessment
  5. Insider Misuse
     How can you defend against attacks?
       • Know your data.
       • Review user accounts.
       • Watch the exits.
       • Publish anonymized results of audits.
     Our solutions
       • Identity and Access Management
  6. Physical Theft and Loss
     How can you defend against attacks?
       • Encrypt devices.
       • Back up data.
       • Physically lock down assets.
     Our solutions
       • Data Loss Prevention.
       • Data Discovery, Identification, and Security Classification
  7. Miscellaneous Errors
     How can you defend against attacks?
       • Implement a Data Loss Prevention solution.
       • Strengthen controls on publishing.
       • Teach staff about secure asset disposal.
     Our solutions
       • Data Loss Prevention
       • Data Discovery, Identification, and Security Classification
  8. Crimeware
     How can you defend against attacks?
       • Patch anti-virus and browsers.
       • Disable Java in the browser.
       • Use two-factor authentication.
       • Implement configuration change monitoring.
     Our solutions
       • Monitoring and Analytics
  9. Payment Card Skimmers
     How can you defend against attacks?
       • Use tamper-resistant terminals.
       • Train employees to watch for tampering.
       • Use tamper-evident physical and logical controls.
     Our solutions
       • PCI professional security services
  10. Denial of Service
     How can you defend against attacks?
       • Ensure that servers are patched promptly.
       • Segregate key IP/servers.
       • Test your anti-DDoS service.
       • Have a plan, and a backup, for when an attack happens.
     Our solutions
       • DOS Defense
  11. Cyber-espionage
     How can you defend against attacks?
       • Patch vulnerabilities promptly.
       • Use anti-virus, and keep it up to date.
       • Train users to spot danger signs.
       • Keep good logs.
     Our solutions
       • Monitoring and Analytics
  12. An Unprecedented Data Set
     2014 Data Breach Investigations Report
       • 50 contributing organizations.
       • 63,000+ security incidents.
       • 1,367 confirmed data breaches.
       • 95 countries covered.
  13. 50 contributors from around the world
  14. Learn More
     To download the full report, the executive summary, infographic, and other DBIR materials, please visit http://vz.to/DBIR2014.
