3. Failing to find SQL coding errors.
The most common hacking attack -- representing 79% of all compromised records -- is against an SQL database that is connected to a Web server. The way that hackers get into these systems is to enter an SQL command in a Web-based form. If the form is coded properly, it shouldn't accept SQL commands. But sometimes developers accidentally create what are called SQL injection errors.
Tippett says the easiest way to prevent these errors is to run an application firewall in "learn" mode so that it can watch how users enter data into a field and then put the application firewall in "operate" mode so that SQL commands can't be injected into a field. The SQL coding problem is widespread. "If a company tests 100 servers, they will probably find a SQL injection problem on 90 of them," Tippett says.
Often, companies fix only the SQL injection errors on their critical servers, forgetting that most hackers get into their networks through non-critical systems. Tippett suggests that network managers segment their networks using access control lists to restrict servers from talking to nonessential devices. This would prevent a hacker from gaining widespread access to data through an inevitable SQL coding error.
4. Misconfiguring your access control lists.
Segmenting your network using access control lists is the simplest way to make sure that systems communicate only with the systems that they should. For example, if you allow business partners to access two servers on your network through your VPN, you should use the access control lists to make sure that these business partners only have access to these two servers. Then if a hacker comes into your network through the opening for business partners, the hacker can only get into the data on these two servers.
"Often a bad guy coming into the network through the VPN has access to everything," Tippett says. Indeed, having properly configured access control lists would have protected 66% of the records that were compromised last year, according to the Verizon report. The reason CIOs don't take this simple step is that it involves using your routers as firewalls, and many network managers don't want to do that.
5. Allowing nonsecure remote access and management software.
One of the most popular ways for hackers to get into your network is to use a remote access and management software package, such as PCAnywhere, Virtual Network Computing (VNC) or Secure Shell (SSH). Often, these software applications are lacking the most basic security measures, such as good passwords.
The simplest way to find this problem is to run an external scan across your entire IP address space to look for PCAnywhere, VNC or SSH traffic. Once you find these applications, put extra security measures on them such as tokens or certificates in addition to passwords. Another option is to scan the Netflow data of your external facing routers and see if you have any remote access management traffic flowing across your network.
This problem is common enough to account for 27% of the compromised records in the Verizon Business report.