Posted by samzenpus on Thursday June 12, @07:57AM
from the did-you-update-the-windows dept.
from the did-you-update-the-windows dept.
Dr. Jim Anderson writes "The good folks over at Verizon Business have released a report that summarizes what they've found after looking through 500 forensic investigations involving 230 million records, and analyzes hundreds of corporate breaches including three of the five largest ones ever reported. What did they find? How about (1) Nearly nine in 10 corporate data breaches could have been prevented had reasonable security measures been in place, (2) Fewer than 25 percent of attacks took advantage of a known or unknown vulnerability and (3) attacks from Asia, particularly in China and Vietnam, often involve application exploits leading to data compromise, while defacements frequently originate from the Middle East."
2 comments:
Busted1942:
The Verizon study spotlights an important topic for debate. Legally speaking, what is "reasonable security?" FTC punished TJX for not having it, but I argue FTC was wrong. Verizon says 9 of 10 data breaches could have been avoided if "reasonable security" were present. That implies 9 in 10 breach victims were in violation of law. The study's outlook is that the solution to identity theft is locking down corporate data. But a security consultant/solution provider like this Verizon unit naturally sets a high bar for what is reasonable. And when Verizon evaluates if reasonable security could have prevented a break-in, it does so with benefit of hindsight. Yet the study goes on to say that in modern systems knowing where all your data reside is "an extremely complex challenge." In other words, the sheer problem of locating data (so you can apply security) is very expensive, and mistakes by data-holders who act in good faith are easy. The reasonable measures expected by FTC and Verizon are extravagantly hard to implement in practice. Hence, the portion of incidents preventable by FTC/Verizon's reasonable procedures is much lower than 90%. We need to focus more attention on other solutions to identity theft. What do you think? --Ben http://hack-igations.blogspot.com/2008/03/ftc-treats-tjx-unfairly.html
Hi Ben, you have obviously given this a lot of thought an research. You have no doubt figure out that this originally came from Slashdot and I felt that 90% sounded high as well. ID theft is a tricky issue to address and I think that we should tackle the issue from any angle where we can make progress. I am sure that they were probably trying to stir up the community to stir up sales but even it the true number were half their stated number, it is still very significant.
Post a Comment