It's Still a Good Idea: Security Basics

Information security experts keep harping on it: The most effective way to lock down systems is to follow some of the most simple security procedures (the kind that have been around for years but those that many organizations rarely do). Driving that point home is yet another report on security breaches, this one coming from Verizon Business Risk Team, which studied 500 security breaches that occurred between 2004 and 2007. According to its 2008 Data Breach Investigations Report, 87 percent of all security breaches could have been avoided "if reasonable security controls had been in place at the time of the incident." The team called this conclusion "perhaps the most significant statistic coming out of this historical analysis . . . ." (Unfortunately, Verizon waited until page 26 of the 27-page report to make this observation.)

Verizon Business recommended organizations make sure they follow already-established security policies and procedures (59 percent of all breaches occurred at organizations that had security policies but for whatever reason did not follow them), implement the most obvious controls first (83 percent of all attacks were not considered very sophisticated) and monitor your logs (82 percent of all attacks could be seen coming due to events listed in the logs).

As Verizon Business reported, these recommendations aren't sophisticated and "lack the panache of new gizmos," but they work.