Recommendations for Enterprises
1. Eliminate unnecessary data. Unless there is a compelling reason to store or transmit data, destroy it. Monitor all important data that must be kept.
2. Establish essential security controls. To effectively defend against a majority of data breaches, organisations must ensure fundamental, common-sense security countermeasures are in place and functioning correctly. Monitor security controls regularly.
3. Place importance on event logs. Monitor and mine event logs for suspicious activity - breaches are usually identified by analysing event logs.
4. Prioritise security strategy. Enterprises should evaluate their threat landscape and use the findings to create a unique, prioritised security strategy.
Recommendations for Small Organisations
1. Use a firewall. Install and maintain a firewall on Internet-facing services to protect data. Hackers cannot steal what they cannot reach.
2. Change default credentials. Point-of-sale (POS) and other systems come with pre-set credentials. Change the credentials to prevent unauthorised access.
3. Monitor third parties. Third parties often manage firewalls and POS systems. Organisations should monitor these vendors to ensure they have implemented the above security recommendations, where applicable.
One final thing. There is always an intriguing security/encryption puzzle associated with the image on the cover, and this year's report is no exception to that tradition. Verizon usually offers a prize to the first person to report the solution (how to claim the prize has previously formed part of the final stage of the puzzle).