The Global Payments Inc. breach that threatens MasterCard and Visa cardholders is a stark reminder of the massive risk data theft poses to consumers, financial institutions, and retailers.
1. Establish a computer incident response team
Include and get buy-in from all key stakeholders. You should feel comfortable calling that team in and executing your plan should an incident arise.
Most organizations with this type of team will have at least one, if not multiple, compliance and regulatory obligations. Yet many do not, and often fall back on an ad hoc approach that can be ineffective and expensive.
If you work jointly with a partner for investigative response, practice with them.
2. Employ egress (outbound) firewall restrictions to curb outbound traffic
Few organizations have alerts configured to indicate when egress attempts are tested.
Most malware today have exfiltration capabilities designed to take this lack of security into consideration and, as a result, data exfiltration happens with most victims being completely unaware.
If more organizations had egress firewall restrictions in place, the security community would be much further ahead on the discovery and detection curve.
3. Implement identity and access management
This is no small undertaking. But organizations routinely face the daunting task of determining who within their organizations should have access to various systems, applications, data, and so on.
Far too many organizations provide greater access than is needed for a given job function. As a result, an external perpetrator needs only to gain access to a single user’s account that has extended privileges—and then the exfiltration begins.
4. Practice network segmentation
Similar to the identity and access management problem where users have more access than they should, many organizations have poor network segmentation which essentially allows systems and applications to have more access then they should.
As a result, a small and sometimes insignificant security issue can quickly spread and balloon into a large-scale crisis.
Even if the organization is fortunate enough to not have a breach touch every part of its organization, having poor network segmentation may mean that you still need to perform a large-scale investigation to be sure.
5. Perform network scanning regularly
This is one of the least expensive discovery mechanisms an organization can have in its tool belt. Many of the attacks Verizon sees are targets of opportunity.
Many perpetrators use preliminary vulnerability scanning to identify their next victim. You should know what the bad guys know about your security weaknesses—and remediate the identified vulnerabilities promptly.
Consumer education is another important piece of the security puzzle. Verizon Enterprise Solutions suggests financial institutions advise their customers to: