Slashdot Mirror

← Back to Stories (view on slashdot.org)

Data Breach Study Spanning 500 Break-Ins Released

Posted by samzenpus on from the did-you-update-the-windows dept.

Dr. Jim Anderson writes "The good folks over at Verizon Business have released a report that summarizes what they've found after looking through 500 forensic investigations involving 230 million records, and analyzes hundreds of corporate breaches including three of the five largest ones ever reported. What did they find? How about (1) Nearly nine in 10 corporate data breaches could have been prevented had reasonable security measures been in place, (2) Fewer than 25 percent of attacks took advantage of a known or unknown vulnerability and (3) attacks from Asia, particularly in China and Vietnam, often involve application exploits leading to data compromise, while defacements frequently originate from the Middle East."

2 of 71 comments (clear)

  1. Re:Actual report by morgan_greywolf · · Score: 5, Insightful

    Definitely required reading for any CxO!
    CxOs don't read things like this. Instead, they usually read advertisements that say BS things like "buy our product and you'll never have any security problems again!"

    That's why 9/10 attacks involved totally preventable breaches -- if reasonable security had been in place.

    --
    My blog
  2. Re:Aarrgghhh!!! by Tanktalus · · Score: 4, Insightful

    Apparently, someone is trying to make Rumsfeld out to be an idiot. Though that he may be, IMO this quote is actually fairly insightful, if somewhat poorly worded. I've had a similar saying (is it a saying if I'm the only one saying it?): "There are three types of people in the world. Those who don't know what they're doing and know they don't; those who know what they're doing and know they do; and those who don't know what they're doing but think they do. It's the last group that screws everything up for the other two groups." The thing to realise is that everyone falls into all three categories for different aspects of our lives, and the challenge is to tell the difference for each situation to try to avoid being in the last group.

    In Rumsfeld's quote, "known knowns" are the areas where we are in the middle group: knowing what we're doing, and knowing that. "Known unknowns" are the areas where we don't know what we're doing and know we don't. And "unknown unknowns" are the last group: things we think we know, but don't. (Ok, that's not quite precisely what he's talking about, but it's analogous.) And that last group is the most dangerous one.