Two hikers are walking through the woods when a huge brown bear suddenly appears in the clearing about 50 feet in front of them. The bear sees the hikers and begins to head toward them. The first guy drops his backpack, digs out a pair of sneakers, and frantically begins to put them on.

The second guy says, “What are you doing? Sneakers won’t help you outrun that bear.”

The first guy replies, “I don’t have to outrun the bear. I just have to outrun you.”

In information security you don’t have to outrun the bear, you just have to be better than the next guy. Verizon’s 2012 Data Breach Investigations Report is an interesting read (if you’re interested in security) but there are two startling statistics that literally jump off of page 3. The following is from the executive summary of the report (emphasis added):

  • 79% of victims were targets of opportunity
  • 96% of attacks were not highly difficult

The takeaway from these statistics is that exposure can be greatly reduced through low-cost, common-sense controls. For smaller businesses, Verizon recommends implementing a firewall and/or Access Control List (ACL) on remote access services. They also recommend changing the default password for Point-of-Sale systems. Really, default passwords should be changed on all systems, not just POS. But this post is meant to scare you, not lecture you.

By implementing these two simple steps, which can cost less than $150, your small organization will be further along than the next business. In fact, the Verizon report includes a convenient cutout to give to your favorite business about protecting your identity with these easy-to-implement controls. (That will be a fun conversation with the waiter, “Here is my credit card and some low-cost solutions to minimize the risk of a data breach. Put the tip on the card.”)

And based on the above statistics, by reducing the opportunity to execute simple attacks, you have technologically outmaneuvered the attackers; they are more likely to move on if these basic defenses are in place. And while your system will probably not be impenetrable, you don’t need to outrun the bear.

You just have to be faster than your hiking buddy.