It’s almost summer and it appears to be that time again – time for cyber security to dominate the headlines: EU agreed to create a cybercrime unit; Citigroup announced a data breach affecting 200,000 Citibank credit card accounts in North America (1% of its credit card customers); and in brighter news, three people suspected to be responsible for the April denial-of-service (DoS) attacks on Sony were arrested.
Financial institutions and governments aren’t the only ones susceptible to attack. Sony is frequently in the headlines, its name linked with “leaks,” “hacks,” and ‘breaches” – a PR nightmare. In 2009, Sony couldn’t keep its product roadmap a secret, with Engadget posting leaked photographs of the PS3 Slim and Sega of America publishing meeting notes. This April, the PlayStation Network was hacked and taken offline. A few days later, Sony was in the news again: a compromise of Sony Online Entertainment that affected 24.6 million customers. To put this in perspective, Sony’s recent breach affects 120x the number of people impacted by the Citigroup breach. Analysts estimate the cost of the breach to Sony to be between $1.6 million to $1.25 billion.
Here are two things you can do today that will improve your ability to respond to breaches.
1. Review and update your processes.
According to a July 2010 study by Verizon Business RISK team, 67% of network breaches were aided by significant errors, with 87% considered avoidable through simple or intermediate controls. Are your processes up to snuff? Are your employees following them? Is it time for retraining?
2. Record the breach.
Your Intrusion Detection System (IDS) or Intrusion Prevention System (IPS) can alert you to a security attack or block a repeat attack. But what if you find out about the attack when you’re not watching or after the fact? If you weren’t recording your network traffic, you may miss valuable data. Network recorders, such as the TimeLine Network Recorder, are appliances designed to capture, store, analyze, and mine high speed network traffic. With the recording you can determine exactly how an attack happened, what damage has been done, and perhaps even the source of the breach.