funsec mailing list archives

Re: Stop The 70% Lie


From: "The Security Community" <thesecuritycommunity () gmail com>
Date: Fri, 18 Jul 2008 12:10:57 -0400

On Fri, Jul 18, 2008 at 11:32 AM,  <Valdis.Kletnieks () vt edu> wrote:
On Fri, 18 Jul 2008 11:14:52 EDT, "Young, Keith" said:

I think Verizon Business's recent report (based on over 500 actual data breach
incidents) is fairly credible.  I'd certainly believe that insiders racked up
70% or more of the financial loss, even if they aren't 70% of the incidents.

The executive summary:

http://www.verizonbusiness.com/about/news/displaynews.xml?newsid=25135&mode=vzlong&lang=en&width=530

87% would have been preventable via reasonable security measures.
75% were discovered by a third party, not the victims.
66% involved data the victims didn't even know was on the system.

The full report:

http://www.verizonbusiness.com/resources/security/databreachreport.pdf



Absolutely.  This has nothing to do with a real study by Verizon (very
nice, BTW, and thanks for the link).  It is the legendary, over-quoted
"FBI estimate" - that no one can find - that is the issue.  The
CSI/FBI survey (pick a year - any year) is a close contender, but none
of them have ever explicitly stated the 70% Lie, and inferring that
they do state it is quite a leap.

And of course "CSI/FBI" != "FBI".

The issue is not what the number "really is".  The issue is the FBI
never published it and journalists should stop using it until they can
link to the facts.
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

