Charles Henderson, a partner guest speaker from Trustwave, presented on the 2011 Trustwave Global Security Report. He enlightened the audience with many startling security statistics and trends. The Global Security Report is based on findings and evidence from work conducted by Trustwave’s SpiderLabs. There were more than 200 investigations and 2,000 penetration test results that contributed to the analysis and conclusions. You can download the report at https://www.trustwave.com/GSR
Here you can watch the beginning of Charles’ presentation:
Charles used the Trustwave Global Security Report to show the audience the top vulnerabilities which businesses encountered in 2010. This information is valuable in developing strategic initiatives to help businesses improve their overall security.
First and foremost, the most sensitive data at risk during this study was Payment Card Data, which was involved in a significant 85% of all breaches recorded. Additional eye-opening data revealed that businesses that self-detected a breach did so in 28 days, while for businesses that did not self-detect, discovery took up to 5x longer.
So from Charles we learned that hackers attack systems primarily for payment card data, and victims might not even know that their environment has been compromised. Many businesses are led to believe that they have a PCI compliant web environment, but a web host cannot make your entire environment PCI compliant. Businesses need to be proactive in knowing their own responsibility for achieving security. The Trustwave Global Security Report shows which requirements businesses failed. Two shocking statistics show that 97% of breaches involved insufficient firewall policies (Req #1) and 83% involved default or guessable passwords (Req #2). Charles stresses that these are extremely important, and yet easy, requirements to comply with.
Mr. Henderson also spoke on the evolution of attack vectors. Times have changed: hackers aren’t breaking into buildings anymore to steal things. Instead, they can stealthily go about the internet and infiltrate your network, email, wireless network, application, social network and even your mobile device.
At the conclusion of Charles’ presentation, he left the audience with 11 strategic initiatives to remain more secure:
- Assess, Reduce and Monitor Client-side Attack Surface
- Embrace Social Networking, but Educate Your Staff
- Develop a Mobile Security Program
- Use Multifactor Authentication
- Eradicate Clear-text Traffic
- Virtually Patch Web Applications Until Fixed
- Empower Incident Response Teams
- Enforce Security Upon Third Party Relationships
- Implement Network Access Control
- Analyze All Events
- Implement an Organization-wide Security Program
Charles Henderson brought a lot of education to the audience at the ITX DSS event. Thank you to Charles and Trustwave for supporting the ITX Data Security Summit. Mr. Henderson will be speaking at the Pygotham conference September 16-17th in NYC; check back for more updates if you’d like to see him speak!
