Focus on IT security basics to prevent breaches, urges latest Online Trust Alliance report

A group of experts has issued another call for infosec pros to focus on implementing basic IT security protocols if they want to reduce the growing number of breaches of security controls.

“What is very clear is that there are too many cyber incidents creating an unacceptable level of financial impact,” says the annual analysis of cyber security incidents for the previous year by the Online Trust Alliance, which was released Tuesday. “Addressing these threats comes back to a basic set of core best practices that require discipline to implement and maintain.”

“As in past years, OTA found most breaches could have been easily prevented,” the group said in a news release accompanying the report. It believes that in 2018, 95 percent of all breaches could have been avoided through simple and common-sense approaches to improving security.

Part of the Internet Society, the alliance promotes best security and privacy practices.

The report draws conclusions from examining a number of publicly available threat intelligence reports for 2018 from Risk Based Security, the Identity Theft Resource Center, the Privacy Rights Clearinghouse, DLA Piper, Symantec, the FBI, and others.

It points out trends that others have spotted: Ransomware attacks seem more focused on organizations than individuals, distributed denial of service attacks were down, attacks on supply chains of organizations, use of business email compromise, and credentials stuffing were up.

“While it’s tempting to celebrate a decreasing number of breaches overall, the findings of our report are grim,” said Jeff Wilbur, technical director of the OTA. “The financial impact of cybercrime is up significantly and cybercriminals are becoming more skilled at profiting from their attacks. So, while there may be fewer data breaches, the number of cyber incidents and their financial impact is far greater than we’ve seen in the past.”

Among the lessons to be learned from the biggest breaches of 2018 is the importance of ensuring third-party access to organizations is secure, the need for ongoing diligence in monitoring for vulnerabilities and unauthorized access, and keeping only necessary data and securing it properly.

However, the real heart of the report are three pages of guidelines:

-A list of 10 core cyber readiness principles starting with responsibility for incident protection and readiness is organization-wide, not just IT, and ending with the need to be transparent in the event of a security incident.

-A 12-point checklist for IT leaders to lean on if they want guidance on what to do starting with complete risk assessments for executive review, operational process and third-party vendors, and ending with understanding the regulatory requirements, including relevant international requirements.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now