E-mail archiving is a regulatory requirement for many industries. This preservation is a mandatory safeguard that creates a record of all employee communication. Some e-mail archiving regulations are addressed below in respect to each regulatory issue.
Financial Industry Regulatory Authority and SEC
FINRA is the largest independent regulator of securities firms doing business in the US. The regulations for securities firms are strict and require the preservation of electronic business records for 3-6 years, depending on the nature of communication. All messages must be stored in the original form and in a tamper proof, non-modifiable and non-erasable storage device. The data must also be stored in multiple locations with timestamps and ID for indexing and search. More about SEC and FINRA compliance requirements can be found here.
Healthcare Insurance Portability and Accountability
HIPAA is a regulation for protecting health information. There are numerous requirements but the main goal is to secure data at all levels and to provide a complete record of ALL communications for up to 6 years. It is necessary to store data to maintain a record in case of an audit or patient complaint.
E-mail archiving for compliance is a necessary function. If your organization is interested in learning more about a compliant E-mail archiving solution, NetSentry Live, please contact us directly at 1-888-50NETSENTRY.
Wednesday, November 10, 2010
Tuesday, October 19, 2010
How Does Sensitive Data Leave Your Network?
This post references the Verizon 2010 Data Breach Investigations Report
Malware
Malware factored into 38% of 2009 cases and 94% of all data lost. Malware is loaded onto the network by various methods that constantly evolve and keep pace with network security. The main goal of malware is to collect sensitive information without being discovered. Once collected, the data is used in many different ways. In many cases, the data is sent out of the network and back to the host computer. In this case, if the company were to have network monitoring software active, they could distinguish between valid/invalid outbound traffic.
Employee Misconduct
Employees play a major role in data leakage. Whether it be for financial gain, to directly harm the company or both it is pertinent that employee network usage is monitored. Simple internet surfing by idle employees could lead to malware being installed on the corporate network. Records of websites visited, with exact reconstruction, is the first step in damage control if a breach occurs.
The Verizon report states "We advocate paying attention to what goes out of your network and what changes take place within your systems." Additionally it states that any periodic, odd sized, trending, or further suspicious outbound activity is grounds for investigation. This can be accomplished with many tools, but often a simple traffic analyzer will not let capture the actual files that are sent out of the Network.
NetSentry Live undetectably monitors network Internet traffic and captures, reconstructs, and stores original content in a searchable database. With its real-time alerts, NetSentry can provide the insight to identify both who and when suspicious or malicious Internet activity happens on your network. Never before has a network monitoring and forensics tool been so powerful and as easy to use as NetSentry. Adding NetSentry Live to your DLP strategy gives your business a best-in-class tool that produces the complete evidence when the leak happens.
Malware
Malware factored into 38% of 2009 cases and 94% of all data lost. Malware is loaded onto the network by various methods that constantly evolve and keep pace with network security. The main goal of malware is to collect sensitive information without being discovered. Once collected, the data is used in many different ways. In many cases, the data is sent out of the network and back to the host computer. In this case, if the company were to have network monitoring software active, they could distinguish between valid/invalid outbound traffic.
Employee Misconduct
Employees play a major role in data leakage. Whether it be for financial gain, to directly harm the company or both it is pertinent that employee network usage is monitored. Simple internet surfing by idle employees could lead to malware being installed on the corporate network. Records of websites visited, with exact reconstruction, is the first step in damage control if a breach occurs.
The Verizon report states "We advocate paying attention to what goes out of your network and what changes take place within your systems." Additionally it states that any periodic, odd sized, trending, or further suspicious outbound activity is grounds for investigation. This can be accomplished with many tools, but often a simple traffic analyzer will not let capture the actual files that are sent out of the Network.
NetSentry Live undetectably monitors network Internet traffic and captures, reconstructs, and stores original content in a searchable database. With its real-time alerts, NetSentry can provide the insight to identify both who and when suspicious or malicious Internet activity happens on your network. Never before has a network monitoring and forensics tool been so powerful and as easy to use as NetSentry. Adding NetSentry Live to your DLP strategy gives your business a best-in-class tool that produces the complete evidence when the leak happens.
Guardian Digital Forensics Hires Don Gilman as Vice President
Raleigh, NC – Guardian Digital Forensics, a Raleigh based Digital Forensics Consulting company is pleased to announce the addition of a new member to its NetSentry management team - Vice President of Market Development, Don Gilman. NetSentry is proud to have Gilman on board and is excited to utilize his expertise and experience to expand our market reach.
Gilman brings with him over twenty years of management and leadership experience coupled with a consulting background. He enjoys the art of building relationships and tackling difficult challenges, which is why he has a reputation for developing innovative solutions to business problems.
He has recently served as Ambassador for the North Carolina Technology Association and as VP of Strategy and Director of Service Delivery for the North Carolina Chapter of the Project Management Institute. Additionally he holds the following certifications: Certified Project Manager in Construction, Certified Project Manager in Information Technology, Certified Information Systems Auditor from ISACA, as well as, Certified LEAN Six Sigma Green Belt.
Friday, October 8, 2010
Internal Threats in Data Breaches
This post references the Verizon 2010 Data Breach Investigations Report.
The three origins of data breaches are external, internal and partner agents. The origins are not exclusive and a data breach can have attacks from one or multiple agents. This post will focus the internal threat and include recommendations to help protect against internal attacks. In 2009, the role of insider agents in data breaches doubled compared to 2008 figures. This increase is partly due to an influx of insider cases from the U.S. Secret Service but it also reflects the constant threat from insiders in cases analyzed by Verizon.
Internal agents act with different motives and possess varying levels of intelligence. The similarity that 90% of internal agents share is that they act deliberately. Only 4% of insiders who contribute to a data breach act unintentionally. The other 6% are insiders who carry out inappropriate behavior and because of their actions a breach occurs. The report states that employees who commit data theft have more than likely been cited for network misuse in the past. Should corporations more closely monitor employees that have network misuse infractions? It is a preventative measure that is less costly than having to mitigate a data breach.
51% of internal data breaches come from regular employees, noting personnel that handle cash on a regular basis as main culprits. The finance and accounting staff account for 12% of internal breaches, as they have access to corporate accounts and financial data. Additionally, Systems and network administrators accounted for 12% of breaches. Executives accounted for 7%, Helpdesk staff 4%, Software developers 3%, Auditors 1% and unknown 9%. The access to confidential data, especially without necessity, can lead to data breaches. Unnecessarily high user IT privileges contribute to many of the breaches and should be more closely monitored.
Below are some tips, implied from the report, that will help secure internal networks.
The three origins of data breaches are external, internal and partner agents. The origins are not exclusive and a data breach can have attacks from one or multiple agents. This post will focus the internal threat and include recommendations to help protect against internal attacks. In 2009, the role of insider agents in data breaches doubled compared to 2008 figures. This increase is partly due to an influx of insider cases from the U.S. Secret Service but it also reflects the constant threat from insiders in cases analyzed by Verizon.
Internal agents act with different motives and possess varying levels of intelligence. The similarity that 90% of internal agents share is that they act deliberately. Only 4% of insiders who contribute to a data breach act unintentionally. The other 6% are insiders who carry out inappropriate behavior and because of their actions a breach occurs. The report states that employees who commit data theft have more than likely been cited for network misuse in the past. Should corporations more closely monitor employees that have network misuse infractions? It is a preventative measure that is less costly than having to mitigate a data breach.
51% of internal data breaches come from regular employees, noting personnel that handle cash on a regular basis as main culprits. The finance and accounting staff account for 12% of internal breaches, as they have access to corporate accounts and financial data. Additionally, Systems and network administrators accounted for 12% of breaches. Executives accounted for 7%, Helpdesk staff 4%, Software developers 3%, Auditors 1% and unknown 9%. The access to confidential data, especially without necessity, can lead to data breaches. Unnecessarily high user IT privileges contribute to many of the breaches and should be more closely monitored.
Below are some tips, implied from the report, that will help secure internal networks.
- Use network surveillance software with packet re-construction and forensics analysis capabilities for quick user identification, evidence and prosecution requirements in case of a breach.
- Develop a corporate wide "Breach Plan" including personnel, time frames and budget considerations.
- Distribute internet usage policy with clearly defined rules for all possible infractions.
- Quarterly review of user IT privileges in an attempt to prevent unnecessary access and a possible motivator for data theft.
- Monitoring of all top level users with access to valuable corporate information.
- Monitoring of all employees with certain level of network misuse infraction.
Monday, October 4, 2010
External Threats in Data Breaches
This post references the Verizon 2010 Data Breach Investigations Report.
From 2004-2009, over 87% out of approximately 919 million data records were compromised by external threats. I agree with the authors of the report in stating that this is one of the most powerful statistics in the paper. The harm caused by external threats is clearly the most costly to organizations. The more valuable the information an organization has the more secure its network security has to be, plain and simple. External threats in 2009 comprised 70% of breaches and 98% of records. Internal threats in 2009 comprised 48% of breaches and 3% of records.
The types of external threats and percent of breaches include Organized Crime (24%), Unaffiliated person(s) (21%), external systems (3%), activitst groups (2%), former employees (2%), other organizations (1%), competitor (1%), customer (1%) and unknown (45%). Organized crime is the largest identified threat agent. This is not unusual as organized criminals, located all over the world, have the resources to infiltrate networks and extract valuable data. Geographically, 21% of external breaches orginate from Eastern Europe, including Russia. North America origin accounts for 19% of breaches and East Asia accounts for 18%. Unknown origination accounts for 31% . Interestingly, in 2009 Verizon cases, East Asia rose to the top spot for external breach origination, while a majority of the unknown origination is suspected of coming from East Asia.
The unknown in both external threats and external threats origination is a result of breach victims not seeking out an answer to who or where their attack came from. This is often a purely financial decision or the attacker can not be identified. Most breach cases handled by the US Secret Service have a determined suspect and origination due to prosecution.
What does it all mean? Cyber-crime is not new. The number of external agents with the knowledge to access sensitive corporate data on "secure" networks is not shrinking. The constant battle to develop secure applications as old security is compromised will not end. Corporations need to be vigilant and consistently monitoring network security and procedures to stay ahead of external threats.
From 2004-2009, over 87% out of approximately 919 million data records were compromised by external threats. I agree with the authors of the report in stating that this is one of the most powerful statistics in the paper. The harm caused by external threats is clearly the most costly to organizations. The more valuable the information an organization has the more secure its network security has to be, plain and simple. External threats in 2009 comprised 70% of breaches and 98% of records. Internal threats in 2009 comprised 48% of breaches and 3% of records.
The types of external threats and percent of breaches include Organized Crime (24%), Unaffiliated person(s) (21%), external systems (3%), activitst groups (2%), former employees (2%), other organizations (1%), competitor (1%), customer (1%) and unknown (45%). Organized crime is the largest identified threat agent. This is not unusual as organized criminals, located all over the world, have the resources to infiltrate networks and extract valuable data. Geographically, 21% of external breaches orginate from Eastern Europe, including Russia. North America origin accounts for 19% of breaches and East Asia accounts for 18%. Unknown origination accounts for 31% . Interestingly, in 2009 Verizon cases, East Asia rose to the top spot for external breach origination, while a majority of the unknown origination is suspected of coming from East Asia.
The unknown in both external threats and external threats origination is a result of breach victims not seeking out an answer to who or where their attack came from. This is often a purely financial decision or the attacker can not be identified. Most breach cases handled by the US Secret Service have a determined suspect and origination due to prosecution.
What does it all mean? Cyber-crime is not new. The number of external agents with the knowledge to access sensitive corporate data on "secure" networks is not shrinking. The constant battle to develop secure applications as old security is compromised will not end. Corporations need to be vigilant and consistently monitoring network security and procedures to stay ahead of external threats.
Wednesday, September 29, 2010
Does Organizational Size Determine Data Breach Frequency?
The table discussed in this post is found on page 11 of the Verizon 2010 Data Breach Investigations Report.
According to the table, the highest percentage of data breaches occurs in to 1,001 to 10,000 employee firm. The report makes a key point of noting that it’s possible and logical that organizational size has little affect on the possibility of suffering a data breach. The probability of a breach is more correlated with the value of information in a firm rather than the number of employees. Surprisingly, firms with over 100,000 employees have the lowest percentage of data breaches. I infer that these massive corporations put an incredible amount of resources into data loss prevention, maintenance and corporate technology policies that drive the low data breach rates. Similarly, a smaller, 1-10 employee firm with little valuable data does not have the need or resources for an expensive data loss prevention strategy. The conclusion is, as the report states, the size of the organization has a minor impact on the rate of data breaches. The real driver of data leakage is the type of information stored within the network. If your organization has valuable information, it is prudent to develop a secure Data Loss Prevention Strategy.
Monday, September 27, 2010
Verizon 2010 Data Breach Investigations Report Discussion
Verizon 2010 Data Breach Report PDF
The 2010 Data Breach Investigations Report is an analysis of data from actual breach cases worked on by Verizon and the US Secret Service. The results of the report should be required reading for all IT professionals as well as anyone interested in the current state of corporate data breaches, IT security and cyber-crime.
The 2010 dataset includes 141 breach cases worked in 2009 by Verizon and the US Secret Service. The amount of data records compromised in these studies is over 143 million. The sheer amount of data provides a solid set for analysis.
Over the next few weeks, in related posts, we will discuss some of reports main points.
Demographics of Data Breaches
Out of the 141 confirmed cases, the top three industries, based on breach incidents, are Financial Services, Hospitality and Retail. Not surprisingly, 94% of all compromised records were attributed to Financial Services. It is concluded that the financial service industry has the highest value information and also the largest volume of high value information. The Hospitality and Retail industries are increasing targets because of their Point of Sale systems and consumers reliance on payment cards. The number of breaches for the Hospitality and Retail industry will only increase as more electronic data is transacted and stored. It is up to these industries to adopt more stringent protection policies of their customer’s data.
Geographically, the U.S. has the highest reported incidences of data breaches. It is not surprising given the vast amount of international and domestic financial transactions taking place daily in the U.S. The authors of the report also highlight a key reason for the reported U.S. cases:
U.S. businesses are responsible for large amounts of confidential information. As the report points out, much data breach risk can be removed by establishing usage policies that are pro-active and constantly maintained. This requires constant support by each person in the organization, as a chain is only as strong as its weakest link.
All information sourced from Verizon 2010 Data Breach Report PDF
The 2010 Data Breach Investigations Report is an analysis of data from actual breach cases worked on by Verizon and the US Secret Service. The results of the report should be required reading for all IT professionals as well as anyone interested in the current state of corporate data breaches, IT security and cyber-crime.
The 2010 dataset includes 141 breach cases worked in 2009 by Verizon and the US Secret Service. The amount of data records compromised in these studies is over 143 million. The sheer amount of data provides a solid set for analysis.
Over the next few weeks, in related posts, we will discuss some of reports main points.
Demographics of Data Breaches
Out of the 141 confirmed cases, the top three industries, based on breach incidents, are Financial Services, Hospitality and Retail. Not surprisingly, 94% of all compromised records were attributed to Financial Services. It is concluded that the financial service industry has the highest value information and also the largest volume of high value information. The Hospitality and Retail industries are increasing targets because of their Point of Sale systems and consumers reliance on payment cards. The number of breaches for the Hospitality and Retail industry will only increase as more electronic data is transacted and stored. It is up to these industries to adopt more stringent protection policies of their customer’s data.
Geographically, the U.S. has the highest reported incidences of data breaches. It is not surprising given the vast amount of international and domestic financial transactions taking place daily in the U.S. The authors of the report also highlight a key reason for the reported U.S. cases:
The report notes that in the past two years the international caseload has increased consistently in Asian-Pacific and Western-European countries.“The reason we hear more about data beaches in the U.S. stems from mandatory disclosure laws. Outside the U.S. breach disclosure differs significantly. Some countries are still silent on the matter, others encourage it but don’t require, and some even discourage disclosure. (9)"
U.S. businesses are responsible for large amounts of confidential information. As the report points out, much data breach risk can be removed by establishing usage policies that are pro-active and constantly maintained. This requires constant support by each person in the organization, as a chain is only as strong as its weakest link.
All information sourced from Verizon 2010 Data Breach Report PDF
Subscribe to:
Posts (Atom)