Anyone who thinks that data security isn’t an issue these days need look no further than the recent IRS data breach for proof to the contrary. The breach, revealed publicly last week, affected some 100,000+ people. And it’s not just a problem facing the IRS. Data breaches have been reported at Target, Home Depot, and Citigroup, and the list goes on.
The Identity Theft Research Center (ITRC) publishes a running report of the data breaches that take place each year. The 2015 Breach List already accounts for 315 breaches, with over 102,962,007 people exposed. With breaches becoming such a common occurrence these days, the list is updated every Tuesday. You can even sign up to have the weekly updates sent to you via email.
You might think that all of the high-profile data breaches would prompt companies to invest in IT security and prepare themselves for the inevitable breach, but that might not necessarily be the case. A recent study from Pierre Audoin Consultants (PAC) suggests that many IT execs aren’t quite as prepared as they should be for a cyber-attack. According to the report, nearly 40 percent of the study’s respondents admitted they had no response plan in place to deal with security breaches. Of those that do have plans in place, only 30 percent update them regularly.
Clearly, more needs to be done to combat the threat of cyber-attack. The fact of the matter is that with the IT industry’s growing interest in the cloud and the availability of more and more online IT solutions, the risk of cyber-attack grows. That risk has to be mitigated.
For IT departments utilizing a Microsoft environment, the December 2014 Microsoft Security Intelligence Report outlined a number of steps that can be taken to minimize threats, such as:
Evaluate commercially available management tools, develop a plan, and implement a third-party update mechanism to disseminate non-Microsoft updates.
Ensure that all software deployed on computers in the environment is updated regularly. If the software provider offers an automatic update utility similar to Microsoft Update, ensure that it is enabled by default. See “Turn automatic updating on or off” at windows.microsoft.com for instructions on enabling automatic updates of Microsoft software.
Use Group Policy to enforce configurations for Windows Update and SmartScreen Filter. See Knowledge Base article KB328010 at support.microsoft.com and “Manage Privacy: SmartScreen Filter and Resulting Internet Communication” at technet.microsoft.com for instructions.
Set the default configuration for antimalware to enable real-time protection across all drives, including removable devices.
Enable Microsoft Active Protection Service (MAPS) advanced membership in Windows Defender and Microsoft Security Essentials in your organization to protect your enterprise software security infrastructure in the cloud.
For a complete listing of steps that can be taken to mitigate threats in a Microsoft environment, refer to the Microsoft Security Intelligence Report directly.
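As an added example (not taken from the Microsoft report or from this post), the following read-only PowerShell audit checks three of the settings named above on a single machine: the Windows Update policy values described in KB328010, Defender real-time protection, and MAPS membership. The function names and the pass criteria (for example, treating AUOptions 4 as the expected value) are assumptions made for illustration, and the Defender cmdlets require Windows 8 / Server 2012 R2 or later.

```powershell
# Added example: read-only audit, makes no changes to the machine.
function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent (policy not configured).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

function Test-BaselineSetting {
    param([string]$Name, [object]$Actual, [scriptblock]$IsCompliant)
    [pscustomobject]@{
        Setting   = $Name
        Value     = if ($null -eq $Actual) { '<not set>' } else { $Actual }
        Compliant = [bool](& $IsCompliant $Actual)
    }
}

function Get-BaselineReport {
    # Windows Update policy key documented in KB328010.
    $au = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
    $mp = Get-MpPreference   # Defender module cmdlet

    @(
        # NoAutoUpdate = 0 means Automatic Updates is enabled by policy.
        Test-BaselineSetting 'WU policy: NoAutoUpdate' `
            (Get-PolicyValue $au 'NoAutoUpdate') { param($v) $v -eq 0 }

        # AUOptions = 4: download automatically and schedule the install.
        # Treating 4 as the required value is an assumption of this example.
        Test-BaselineSetting 'WU policy: AUOptions' `
            (Get-PolicyValue $au 'AUOptions') { param($v) $v -eq 4 }

        # DisableRealtimeMonitoring must be False for real-time protection.
        Test-BaselineSetting 'Defender: real-time protection on' `
            (-not $mp.DisableRealtimeMonitoring) { param($v) $v -eq $true }

        # MAPSReporting: 0 = disabled, 1 = basic, 2 = advanced membership.
        Test-BaselineSetting 'Defender: MAPS advanced membership' `
            $mp.MAPSReporting { param($v) $v -eq 2 }
    )
}

# Print the report and list anything that is unset or out of baseline.
$report = Get-BaselineReport
$report | Format-Table -AutoSize
$report | Where-Object { -not $_.Compliant } |
    ForEach-Object { Write-Warning "Out of baseline: $($_.Setting) = $($_.Value)" }
```

A value reported as `<not set>` means no Group Policy is enforcing that setting, so the machine is relying on local configuration that a user or installer can change.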
For the latest information on cyber-attacks and how to prevent them, check out the InfoSecurity Europe conference, which opened today in London and continues through the week. You can stay on top of all the news coming out of the event by downloading the conference’s mobile app or following the InfoSecurity conference on Twitter at: https://twitter.com/hashtag/infosec15?src=hash. You can also view video from the conference at http://www.infosecurityeurope.com/en/media-centre/video-channel/Infosecurity-TV/ or on YouTube, including John McAfee’s comments on the biggest unsolved information security challenge.
For more details on intelligent security and interesting insight into protecting information assets, detecting incidents and response/recovery, download a free copy of the European Information Security Report 2015. There are also a number of resources on cybersecurity available from Microsoft at: https://www.microsoft.com/security/cybersecurity/, including the “Cyberspace 2025 Today’s Decisions, Tomorrow’s Terrain; Navigating the Future of Cybersecurity Policy” white paper. And don’t forget to sign up for the free web service “Have I been pwned?” to see if your accounts have been compromised.
This blog about storage and networking is sponsored by Microsoft.
Cheryl J. Ajluni is a freelance writer and editor based in California. She is the former Editor-in-Chief of Wireless Systems Design and served as the EDA/Advanced Technology editor for Electronic Design for over 10 years. She is also a published book author and patented engineer. Her work regularly appears in print and online publications. Contact her at [email protected] with your comments or story ideas.