Internal or External...
June 2008
Verizon study links external hacks to internal mistakes. A study published yesterday by Verizon Business offers a new look at one of security’s oldest problems and arrives at a new conclusion: While most breaches are executed by external attackers, the attacks are usually facilitated by security failures that were overlooked by internal staff, often for a long period of time. In the study, which was generated by analyzing data from more than 500 forensic investigations conducted between 2004 and 2007, Verizon reports that 73 percent of data breaches resulted from external sources. This includes breaches caused by business partners, a source of vulnerability that increased fivefold during the study. Only 18 percent of breaches were caused by insiders. But that does not mean internal parties do not contribute to the problem, Verizon asserts. In fact, the study also reveals that 62 percent of data breaches can be attributed to a significant error in internal behavior. Sixty-six percent of the breaches involved data that the victim organization did not know was on the system, and 75 percent of breaches are discovered by a third party, rather than someone inside the organization. These seemingly contradictory bits of evidence -- that most breaches are perpetrated by outsiders but facilitated by errors inside -- indicate that most security breaches are crimes of opportunity, in which a door is left open and attackers simply walk in, Verizon suggests. In fact, the study states specifically that 83 percent of attacks resulting in breaches are “not highly difficult” for the attacker. Eighty-five percent are the result of “opportunistic attacks,” rather than targeted schemes, and 87 percent of the breaches probably could have been avoided through the proper enforcement of security controls, Verizon says.
Verizon study links external hacks to internal mistakes. A study published yesterday by Verizon Business offers a new look at one of security’s oldest problems and arrives at a new conclusion: While most breaches are executed by external attackers, the attacks are usually facilitated by security failures that were overlooked by internal staff, often for a long period of time. In the study, which was generated by analyzing data from more than 500 forensic investigations conducted between 2004 and 2007, Verizon reports that 73 percent of data breaches resulted from external sources. This includes breaches caused by business partners, a source of vulnerability that increased fivefold during the study. Only 18 percent of breaches were caused by insiders. But that does not mean internal parties do not contribute to the problem, Verizon asserts. In fact, the study also reveals that 62 percent of data breaches can be attributed to a significant error in internal behavior. Sixty-six percent of the breaches involved data that the victim organization did not know was on the system, and 75 percent of breaches are discovered by a third party, rather than someone inside the organization. These seemingly contradictory bits of evidence -- that most breaches are perpetrated by outsiders but facilitated by errors inside -- indicate that most security breaches are crimes of opportunity, in which a door is left open and attackers simply walk in, Verizon suggests. In fact, the study states specifically that 83 percent of attacks resulting in breaches are “not highly difficult” for the attacker. Eighty-five percent are the result of “opportunistic attacks,” rather than targeted schemes, and 87 percent of the breaches probably could have been avoided through the proper enforcement of security controls, Verizon says.
posted by arkietechs at 8:00 AM
0 Comments:
Post a Comment
<< Home