The 2012 Verizon Data Breach Investigations Report released last week continues to reverberate. The stats that jumped out at me: 96 percent of data breaches were relatively easy for attackers to pull off, and 97 percent of those attacks were easily avoidable.
According to the report, 85 percent of victims were unaware of their compromised state for stretches lasting weeks to months. When they did become aware, 92 percent of the time it was because an outside third party told them. That's embarrassing.
In which group would you rather be? The 85 percent hanging their heads in shame or the 15 percent who had a clue?
I know InfoWorld readers care more than the average IT working stiff. It's why you read our publication and this blog in particular. I also realize that our readers are tasked with dozens of different projects every year, each one a high priority that overrides previous priorities.
But the bottom line is this: If you don't have a good security event logging program, become the champion in your organization and create one.
If you're not familiar with the basics of event log monitoring, see InfoWorld's Log Analysis Deep Dive Report. It will give you a great summary of all the pieces and parts needed to start putting a solid event log management program in place.
You should enable event log monitoring on all managed workstations and servers. Don't make the mistake of only monitoring servers -- 99 percent of the malicious action begins on a regular end-user's workstation before it spreads to the servers holding the data. Often, by the time attackers reach the servers, they are operating with an elevated end-user's credentials, and event log monitoring becomes much tougher.