[Dataloss] [Fwd: Bank Technology News Intelligencer: Verizon Says 9 Out of 10 Breaches Preventable]

Arshad Noor arshad.noor at strongauth.com
Thu Jun 12 17:50:55 UTC 2008 

What does say for the "reasonable practice" argument (attributed to
Carroll Towing) that I hear so often on this list ?  Does this report
indicate that breached companies be held liable for not doing enough?

Arshad Noor
StrongAuth, Inc.

Verizon's PR:
http://newscenter.verizon.com/press-releases/verizon/2008/verizon-business-releases.html

Full report is at:
http://www.verizonbusiness.com/resources/security/databreachreport.pdf


--- Quote---

Some of the findings may be contrary to widely held beliefs, such as 
that insiders are responsible for most breaches. Key findings include:

     * Most data breaches investigated were caused by external sources. 
Thirty-nine percent of breaches were attributed to business partners, a 
number that rose five-fold during the course of the period studied.

     * Most breaches resulted from a combination of events rather than a 
single action. Sixty-two percent of breaches were attributed to 
significant internal errors that either directly or indirectly 
contributed to a breach. For breaches that were deliberate, 59 percent 
were the result of hacking and intrusions.

     * Of those breaches caused by hacking, 39 percent were aimed at the 
application or software layer.  Attacks to the application, software and 
services layer were much more commonplace than operating system platform 
exploits, which made up 23 percent. Fewer than 25 percent of attacks 
took advantage of a known or unknown vulnerability.  Significantly, 90 
percent of known vulnerabilities exploited had patches available for at 
least six months prior to the breach.

     * Nine of 10 breaches involved some type of "unknown" including 
unknown systems, data, network connections and/or account user 
privileges. Additionally, 75 percent of breaches are discovered by a 
third party rather than the victimized organization and go undetected 
for a lengthy period.

     * In the modern organization, data is everywhere and keeping track 
of it is an extremely complex challenge. The fundamental principle, 
however, is quite simple - if you don't know where data is, you 
certainly can't protect it. "

--- End Quote---



-------- Original Message --------
Bank Technology News Intelligencer

Verizon Says 9 Out of 10 Breaches Preventable

<http://www.americanbanker.com/btn_article.html?id=20080611WB3VD1I8&email=y>

Here's one the board of directors won't want to hear: nine out of 10
corporate data breaches could have been prevented; this according to a
report by Verizon Business that looked into 500 forensic investigations.

More information about the Dataloss mailing list