Last updated at Tue, 25 Jul 2017 16:34:34 GMT

As most of you probably know, attackers routinely target exploitable weaknesses of security systems rather than pre-identifying victims for their attacks. Also, most breaches that occur in database security systems are avoidable without expensive or sophisticated countermeasures.

In its 2012 Data Breach Investigations Report, Verizon registered 174 million compromised records for 2011, compared with 4 million compromised records reported in the 2010 findings. This suggests that cybercriminals – responsible in 98% of the cases – have continued to automate and refine their attack methods. The Verizon report also found that “97 percent of breaches were avoidable through simple or intermediate controls.”

These statistics highlight that the top goal for security professionals should be protecting sensitive data. This requires a vulnerability management strategy that begins with a comprehensive assessment of security risk, consisting of:

  • selecting the right tools/information security software for the job at hand
  • identifying the business' critical assets and vulnerabilities
  • verifying and prioritizing those vulnerabilities based on exploitability and overall score
  • finding gaps in security
  • testing and prioritizing mitigation tasks
  • establishing effective controls

This comprehensive assessment is part of the security risk intelligence cycle, which grows more complex with every new technology. Dynamic, virtualized environments and services outside traditional physical IT infrastructures, such as virtualized, cloud-based services and social networking, add convenience but multiply the risk of breach or incident.

In a vulnerable information security environment, it is crucial for organizations to perform IT Risk Management and IT Risk Assessment processes to make better business decisions related to their security posture.

For a more in-depth answer to questions like “What do we fix first? How do we fix it? What level of risk are we willing to accept?”, take a look at our white paper:

Leveraging Security Risk Intelligence - The strategic value of measuring Real Risk | Rapid7

Agree with our findings? Disagree with our focus? Feel free to leave your thoughts in the handy comment bar provided below, and let us know what else you'd like us to focus on in the future.