Trustwave SpiderLabs Exposes Unique Cybersecurity Threats in the Public Sector. Learn More

Trustwave SpiderLabs Exposes Unique Cybersecurity Threats in the Public Sector. Learn More

Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

Database Security

Prevent unauthorized access and exceed compliance requirements.

Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Offensive Security
Solutions to maximize your security ROI
Microsoft Exchange Server Attacks
Stay protected against emerging threats
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats

9 Steps to Slowing and Stopping Your Next Data Breach

Data breaches are such an anxiety inducer because you never know when they're coming, you're often slow to address them - meaning attackers may have full run of your network before you even know they're there, and you may be unsure, at least initially, what the end goal is.

The intruders may be determined to steal personal information, such as credit card and Social Security numbers, that can be used for identity theft. Maybe they're after a different type of data, like intellectual property, which they can leverage for blackmail. Or perhaps they'll eschew the theft goal altogether and just want to surveil or sabotage your operations.

And when data compromises do happen - and they are an almost virtual certainty - they'll deliver an enormous financial blow in terms of downtime, clean-up, lost productivity and sales, customer attrition and more.

Indeed, data breaches are extravagantly costly and take on many shapes and sizes - but they are all addressable by taking generally similar steps. The guidance below is lifted directly from the 2017 Trustwave Global Security Report, and you will notice while there are some technical advisements sprinkled in, many of the recommendations are pretty obvious.

That's because contrary to what movies depict, cybercriminals don't need to conjure up some elaborate plan to infiltrate a target organization. Oftentimes, the front door is conveniently held open for them through, for instance, an unpatched application or a weak password or an employee who falls for a phishing message.

Here's a reality check for your bosses and stakeholders: You can never create a completely fortified environment because risk is always at play. Patching can take days or weeks at a time and cost a lot of money, strong passwords can be cracked or evaded, and human psychology is such that you can never create a perfectly security-conscious employee.

But you can lower your propensity to be compromised and the damage that hackers can cause once they're inside. You most certainly can reduce your exposure while simultaneously growing your ability to respond and restore faster. You just need to be defiant and smarter. The steps below provide a baseline of what you should be doing.


1) Configure Your Firewalls       

  • Restrict inbound and outbound access to and from the network.  
  • Confine inbound access only to those services (open ports) necessary to conduct business.  
  • Restrict outbound traffic to only trusted sites or IP addresses.  
  • Prohibit systems connected to a payment processing environment to "surf" the web.  
  • Do not locate systems that are not part of the payment-processing environment or required to conduct business within the same network segment. 
  • Audit all firewalls for accessible ports and services.  
  • Ensure all firewalls are hardware-based and provide stateful packet inspection (SPI) capabilities.


2) Perfect Your Password Policies 

  • Follow password complexity requirements for all personal computers, servers, firewalls, routers and other network devices.  
  • Require users to change passwords at least every 90 days.  
  • Render all passwords either stored or transmitted unreadable using strong encryption.  
  • Require each user to have a unique account so systems personnel can track activities on a system.  
  • Avoid using generic or default account names.  
  • Change all passwords to which the employee had access when they leave the company.


3) Configure Your Systems  

  • Ensure system-hardening guidelines are in place to address known vulnerabilities and security threats. Base system configuration on industry-standard best practices.  
  • Configure the operating system (OS) to clear the pagefile.sys upon reboot for Windows environments.  
  • Configure the OS to disable restore points for Windows environments.  
  • Ensure there are no unauthorized modifications to systems in the environment (i.e. use of external storage, TrueCrypt volumes, unsupported software).  
  • Implement a strong change-control process to track all changes made to systems in the environment.


4) Secure Remote Access 

  • Use two-factor authentication for all remote access into the environment. Two-factor authentication normally is a method requiring something a user knows (password) and something the user has (token, certificate).  
  • Ensure third-party remote access turns off by default and authorized users only enable it when needed. Third-party remote access must be an on-demand solution. 
  • Enable auditing and logging for remote access into the environment.


5) Manage Your Patches       

  • Update the operating system within 30 days of vendor-released security patches/hotfixes. 
  • Keep applications and plug-ins current with the latest vendor-supplied security patches.


6) Scan for Vulnerabilities Internally and Externally 

  • Conduct regular external and internal scanning to proactively find and remediate vulnerabilities.  
  • Perform external and internal penetration testing at least once a year and after any significant infrastructure or application upgrade.


7) Log and Monitor Security Threats  

  • Configure Windows event logs to capture security, application and system events on all systems.  
  • Retain logs for at least 90 days on the system and one year offline.  
  • Conduct a daily review of the logs from all devices. Procedures should be in place for escalations of critical alerts.  
  • Implement an intrusion detection system (IDS).  
  • Implement file-integrity monitoring (FIM) software.


8) Remove Any Malware  

  • Rebuild a system that you suspect does or did contain malware to fully confirm the removal of the threat.  
  • Ensure anti-virus software is current on all systems and configure it to update virus definitions. Also, ensure there is a valid virus definition license and the software is properly accessing new definitions.


9) Firm Up Your General Security Policies and Procedures 

  • Conduct employee security awareness training at least annually to educate employees on information security best practices.  
  • Only use systems that handle sensitive data for business purposes.  
  • Implement strict monitoring to ensure misuse (i.e. installing computer games or unlicensed software) does not occur.


One of the underlying - but not-so-secret - causes of data breaches is the prolonged security skills shortage facing many organizations. Above, we laid out the fundamentals you should be applying at your business to resist breaches, but the fact is your adversaries are growing more sophisticated, which is necessitating an equally advanced response.

Calling in the outside experts is becoming more of an imperative, both as a proactive measure to help you improve your detection and threat hunting capabilities - particularly on endpoints, where attackers typically establish their initial foothold - and also to aid with incident readiness and response efforts.

Dan Kaplan is manager of online content at Trustwave.

Latest Trustwave Blogs

Understanding Your Network's Security Posture: Vulnerability Scans, Penetration Tests, and Beyond

Organizations of all sizes need to be proactive in identifying and mitigating vulnerabilities in their networks. To help organizations better understand the value and process of a vulnerability scan,...

Read More

Email Security Must Remain a Priority in the Wake of the LabHost Takedown and BEC Operator’s Conviction

Two positive steps were taken last month to limit the damage caused by phishing and Business Email Compromise (BEC) attacks when a joint action by UK and EU law enforcement agencies compromised the...

Read More

Defining the Threat Created by the Convergence of IT and OT in Critical Infrastructure

Critical infrastructure facilities operated by the private and public sectors face a complex and continuously growing web of security threats that are compounded by the increasing convergence of...

Read More