On Fri, Jul 18, 2008 at 11:32 AM, <[EMAIL PROTECTED]> wrote:
> On Fri, 18 Jul 2008 11:14:52 EDT, "Young, Keith" said:
>>
> I think Verizon Business's recent report (based on over 500 actual data breach
> incidents) is fairly credible. I'd certainly believe that insiders racked up
> 70% or more of the financial loss, even if they aren't 70% of the incidents.
>
> The executive summary:
>
> http://www.verizonbusiness.com/about/news/displaynews.xml?newsid=25135&mode=vzlong&lang=en&width=530
>
> 87% would have been preventable via reasonable security measures.
> 75% were discovered by a third party, not the victims.
> 66% involved data the victims didn't even know was on the system.
>
> The full report:
>
> http://www.verizonbusiness.com/resources/security/databreachreport.pdf
>

Absolutely. This has nothing to do with a real study by Verizon (very nice, BTW, and thanks for the link). It is the legendary, over-quoted "FBI estimate" - that no one can find - that is the issue. The CSI/FBI survey (pick a year - any year) is a close contender, but none of them have ever explicitly stated the 70% Lie, and inferring that they do state it is quite a leap. And of course "CSI/FBI" != "FBI".

The issue is not what the number "really is". The issue is the FBI never published it and journalists should stop using it until they can link to the facts.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
