Security musts for 2013
❖ Educate employees: employees leave the door open to attacks when they pick weak passwords, click on phishing links, and share company information on public platforms.
❖ Identify users: a significant number of breaches occur as a result of an attacker obtaining access to a user’s account.
❖ Register assets: maintain a complete inventory of valid devices, control environments to avoid unknown devices gaining access, and regularly assess patch levels and vulnerabilities.
❖ Protect data: implement a data lifecycle methodology to govern data from creation to destruction.
❖ Unify activity logs: security information and event management (SIEM) technology can consolidate processing of logs for both physical and information security.
❖ Visualise events: use the right data sources, SIEM analytics, and data modelling to identify threats ‘innately’ and respond quickly.
> 75.2% of a typical organisation’s inbound e-mail is spam.
> About 10% of spam e-mails are malicious.
About the report
The report collects and analyses data from:
> 450 global data breach investigations
> 2 500 penetration tests
> 9 million web application attacks
> 2 million network and vulnerability scans
> 3 million user passwords
> 5 million malicious websites
> 20 billion e-mails
Data source: Trustwave