
June 19, 2008

Verizon's Data Breach Investigations Report is a pot of gold

Verizon's 2008 Data Breach Investigations Report is worth its weight in gold, even when you print it on the thickest paper available.

Data breaches. You’ve gleaned all you can from the headlines; now you have access to information directly from the investigator’s casebook. The 2008 Data Breach Investigations Report draws from over 500 forensic engagements handled by the Verizon Business Investigative Response team over a four-year period. Tens of thousands of data points weave together the stories and statistics from compromise victims around the world.

This sort of detailed information has so far been available only to a select few, while the rest of us have had to speculate. That is over now, and anyone can make decisions based on facts.

I know different people are going to focus on different aspects but, for me, these stand out:

  1. In 62% of the cases, errors contribute significantly to data breaches. This means that even if you eradicate insecurity in your applications, the breaches are still going to continue.
  2. In 53% of the cases the attackers took days, weeks and months to compromise a system after making a successful entry.
  3. In 55% of the cases no skills or low skills were used to carry out the attacks.
  4. In 85% of the cases the attacks were entirely opportunistic.

I urge you to read the report in full, and a few times over.


Comments


Maybe things will get better now that we have the RatProxy web application security audit tool, generously donated to the Open Source Security Solution Providers pool by our great friend Google. :)



ABOUT ME

Ivan Ristić is an open source advocate, entrepreneur, writer, programmer and web security specialist. He is the principal author of ModSecurity, the open source web application firewall, and the author of Apache Security, a concise yet comprehensive web security guide for the Apache web server.
