An interesting article recently appeared on informit.com. It uses a fictional company as an example of how corporate information security defences can be breached. The article, "How to Steal 80,000 Identities in One Day", goes through the various stages of an attack, including reconnaissance, identifying the weakest link and exploiting it. While it is a fictional account, it makes for interesting reading and should prompt you to review your own security program and see how best to improve it. Our takeaways from the article are as follows:
- Ensure you have a comprehensive security awareness program in place.
- Your logs are your friends. Make sure you are monitoring not only for errors and alerts but also for unusual activity, such as users logging in at unusual times. Our parent website, BH Consulting, has a comprehensive whitepaper on “Best Practises for Log Management”.
- Ensure your incident response plan is up to date and that you have established a relationship with law enforcement prior to a breach. Again, our parent website has some whitepapers on incident response: our “Incident Handling and Management Guide” and “Improving Security – Incident Response (presentation given at NiTES seminar 2006)”.
- Finally, develop and implement comprehensive vulnerability and patch management processes.
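
To illustrate the log-monitoring point above, here is one way to flag logins at unusual times by comparing each login against that user's own history. This is an added example, not code from the article or from BH Consulting; the log format, the function names and the sample lines are all constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed log format (an assumption, not taken from the article):
#   <ISO timestamp> LOGIN_OK user=<name> src=<ip>
LINE_RE = re.compile(r"^(\S+) LOGIN_OK user=(\S+) src=(\S+)$")

def parse(lines):
    """Yield (timestamp, user, source) for each successful-login line."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            yield datetime.fromisoformat(m.group(1)), m.group(2), m.group(3)

def build_baseline(history):
    """Count, per user, how many past logins fell in each hour of the day."""
    baseline = defaultdict(Counter)
    for ts, user, _ in parse(history):
        baseline[user][ts.hour] += 1
    return baseline

def unusual_logins(baseline, new_lines, min_history=5, tolerance=1):
    """Return (user, timestamp, source, reason) for logins worth a look."""
    alerts = []
    for ts, user, src in parse(new_lines):
        hours = baseline.get(user, Counter())
        if sum(hours.values()) < min_history:  # too little data to judge
            alerts.append((user, ts, src, "no baseline"))
            continue
        # Past logins within +/- tolerance hours, wrapping around midnight.
        near = sum(hours[(ts.hour + d) % 24] for d in range(-tolerance, tolerance + 1))
        if near == 0:
            alerts.append((user, ts, src, "unusual hour"))
    return alerts

# Constructed sample data: alice normally logs in during the working day.
HISTORY = [f"2024-03-{d:02d}T{h:02d}:15:00 LOGIN_OK user=alice src=10.0.0.5"
           for d in range(4, 9) for h in (9, 13)]
NEW = [
    "2024-03-11T10:02:11 LOGIN_OK user=alice src=10.0.0.5",      # near baseline
    "2024-03-12T03:41:09 LOGIN_OK user=alice src=203.0.113.77",  # 03:00 login
    "2024-03-12T09:00:00 LOGIN_OK user=bob src=10.0.0.9",        # no history
]

if __name__ == "__main__":
    for user, ts, src, reason in unusual_logins(build_baseline(HISTORY), NEW):
        print(f"ALERT {reason}: {user} at {ts.isoformat()} from {src}")
```

Users with too little history are reported as "no baseline" rather than skipped, so a newly created or rarely used account still surfaces for review.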