Story image

How to prevent data breaches

06 May 15

Multi-dimensional attacks using a variety of tools can put sensitive data at risk, and many businesses are failing to protect themselves adequately from the increasingly-sophisticated techniques used by cyber criminals to target physical and virtual data centres.

Palo Alto Networks vice president for Australia and New Zealand Armando Dacal
says it is important for organisations to see how the threat landscape and cyber criminals’ techniques are changing. 

“Businesses are at great risk of suffering significant financial and reputational damage as cyber criminals target data centres to steal financial data,” he says.

Palo Alto Networks says the risk of a network breach constantly increases as cyber crime techniques evolve. In 2014, 783 data breaches resulted in the loss of more than 85 million records from organisations around the world. 

“The number of data breaches this year is already tracking worse than 2014,” the company says in a statement. “Cyber criminals using automated attacks cost business millions of dollars in missed revenue by compromising customer data.”

Dacal adds, “An organisation is only as strong as its weakest entry point. A prevention mindset should drive effective strategy and organisations must consider multiple points working together to prevent all aspects of an attack.”

Palo Alto Networks has identified four key ways to prevent data breaches:
1. Block evasion techniques. Organisations can block the different techniques attackers can use to evade detection and establish command-and-control channels. This increases the effectiveness of monitoring tools that can detect malware and suspicious network activity.
2. Prevent malware. Preventing both unknown and polymorphic malware from being installed lessens the risk of data being stolen from the organisation. Applications that are unknown or behave in an unexpected manner should be blacklisted and made unavailable for installation.
3. Block vulnerability exploitation. Organisations can block the different techniques that attackers must follow to exploit vulnerabilities. This decreases the overall attack surface available to cyber criminals and makes it more difficult, and potentially expensive, for them to penetrate the organisation.
4. Proactively monitor. Organisations that closely monitor and control communications are better prepared to recognise when legitimate identities are hijacked. This helps to protect the organisation from malware moving laterally through the network. Detection technologies and incidence response should be coupled with a preventative mindset to stop criminals from penetrating systems.

“It is impossible to keep up with threats if the organisation’s only answer is to clean up after the attack,” Dacal says. “Businesses need to feel confident that the enterprise security platform prevents advanced threats at all steps in the attack kill chain.” 

52mil users affected by Google+’s second data breach
Google+ APIs will be shut down within the next 90 days, and the consumer platform will be disabled in April 2019 instead of August 2019 as originally planned.
Ramping up security with next-gen firewalls
The classic firewall lacked the ability to distinguish between different kinds of web traffic.
Platform9 aims to allow enterprises to run Kubernetes instantly
Snapfish, HPE, and Juniper use Platform9’s hybrid cloud solution to deliver a modern cloud infrastructure-as-a-service experience.
DigiPlex’s data centre heat reuse system wins award
Its solution to reuse heat to warm thousands of local homes took out the accolade at the recent 2018 Energy Awards.
STT GDC to build hyperscale data centre in Singapore
ST Telemedia Global Data Centres (STT GDC) today unveiled ambitious plans for expansion with its largest data centre in Singapore to date.
Opinion: A data centre manager's Christmas wish list
In this time of merriment and cheer there is one thing everyone is not-so-secretly waiting for: Presents.
Golden opportunities for enterprise e-waste reduction
E-waste is a hot topic in tech circles, and Park Place's EMEA MD believes there could be huge opportunities if data centres and enterprises improve their practices.
How Schneider Electric aims to simplify IT management
With IT Expert, Schneider Electric aims to ensure secure, vendor agnostic, wherever-you-go monitoring and visibility of all IoT-enabled physical infrastructure assets.