Data: Key to Breach Prevention

Verizon: Improved Monitoring Will Reduce Incidents

July 23, 2012

Most data breaches could be prevented if organizations did more to keep an eye on their databases, says Chris Novak, a member of Verizon's investigative response team.

According to Verizon's 2012 Data Breach Investigations Report, most organizations don't know how to look for breaches because they don't really know how to monitor their data.

"They generally know what data they have, but they don't necessarily know where they have it and how it's being handled," Novak says in an interview with Information Security Media Group's Tracy Kitten (transcript below).

Without a basic inventory or data flow map, companies will continue to be challenged with how they secure data and respond to breaches.

To improve breach investigations, organizations need to:

  • Enhance Collaboration: "Nobody knows you better than you know yourself," Novak says. When an outside investigator comes in to assist after a breach, organizations need to communicate and explain how they operate.

    "Then we can use the experience that we have, the investigative tools and methodology, to dig into what might have occurred and help them figure it out."

  • Assess Capabilities: Knowing what an organization can and can't do is critical. Novak recommends organizations develop incident classification matrixes, "something that says these are the different types of scenarios that we could anticipate having." Based on the different levels or severity of the anticipated breach, an organization may decide it's better to handle the investigation in-house or bring in an outside forensics team.
  • Consult with General Counsel: Especially in highly regulated industries, organizations need to speak with their internal general counsels, especially those legal experts who specialize in data privacy, legislation and notification. If they don't have anyone internal, then they should seek outside advice.

    "Understanding what all [the regulations] mean and how to interpret them is very critical," he says.

  • Preserve the Information: This includes log, data and event details, Novak says. "A lot of organizations struggle with preserving that data and preserving the systems," he says. But preservation of information will help an organization determine whether it should lean toward prosecution after a hack or not.

During this interview, Novak discusses:

  • How breach response plans can be the difference between catastrophe and triumph;
  • Why it's critical for all organizations to understand varying state and international breach notification laws, regulations and guidelines;
  • The special challenges global organizations face in breach prevention and response planning.

Novak works in Verizon's investigative response unit.

Today's Breach Environment

TRACY KITTEN: Data breaches are posing increasing challenges for organizations that fall across a number of industries, as well as sectors. In fact, according to Verizon's newest Data Breach Investigations Report, 2011 saw 850 breaches across 174 million stolen records, the second highest data loss that the Verizon risk team has seen since it began collecting data in 2004. Can you give us a quick background about today's current environment and why numerous industries are seeing upticks in breaches?

CHRIS NOVAK: As you mentioned, we've seen a dramatic uptick over the last year, not just in the number of breach investigations, but also in the number of compromised records. I think the breadth of what we're seeing across all these industries is also the result of a new role that hacktivism is playing in the cyber realm, if you will. We've all heard of hacktivism in the past, but it's never been quite as pronounced as the data is really showing us from this year's report. It tells us that it's not all about the money like it used to be. We're always going to see your typical financial situations, your smash and grabs, but to give you an idea, 58 percent of the 174 million compromised records that you mentioned were actually the result of hacktivism, which I think will surprise a lot of folks. They hear about it in a lot of different things throughout the media and the role that hacktivism has played in social and political environments, but when you start to see the way that it impacted from a data breach, data privacy, perspective, I think that's quite substantial.
