38% OF PAYMENT CARD BREACHES WERE DUE TO ABUSE OF ACCESS PRIVILEGES AND GUESSABLE CREDENTIALS: STUDY
The PCI and RISK Intelligence teams of Verizon have recently published a report titled “Verizon 2010 Payment Card Industry Compliance Report”. The report is the result of detailed analysis of nearly 200 PCI assessments conducted by Verizon Qualified Security Assessors (QSAs) during 2008 and 2009. The sample for the analysis included a mix of organizations of various types.
The report lists the top threat actions based on 2008-2009 payment card breaches investigated by the Verizon IR team. Of the ten threat actions, exploitation of default or guessable credentials and abuse of system access/privileges were found to be the cause of 38% of the breaches.
Time and again, we have been highlighting in this column two very important facts: 
  1. the security threats caused by the insiders of the enterprises – either disgruntled staff or greedy techies or sacked employees
  2. stolen identities, default credentials, guessable passwords could be serving as the ‘hacking channel’ for many cyber-crimes 
The Verizon study once again lends credence to the belief that improper management of administrative passwords and a lack of effective internal controls often remain at the root of a good number of security threats.
What is the way out?
One of the effective ways to achieve internal controls is to deploy a Privileged Password Management Solution that could replace manual processes and help achieve the highest level of security for the data.
Though the reality is that it is not possible to prevent or avoid all security incidents, the ones that happen due to a lack of effective internal controls are indeed preventable.
Password Manager Pro, a trusted solution, helps achieve precisely this. A secure vault for storing and managing shared administrative passwords and digital identities, Password Manager Pro helps eliminate password fatigue and security lapses, achieve preventive and detective security controls, meet security audits and improve IT productivity.
With insider threats looming large, taking preventive action is the need of the hour. Use Password Manager Pro and Stay Secure!
Complete details of the Verizon 2010 Payment Card Industry Compliance Report: http://www.verizonbusiness.com/resources/reports/rp_2010-payment-card-industry-compliance-report_en_xg.pdf
Bala