Recent data from Verizon’s addendum to its Data Breach Investigations Report actually shows that most (73%) data breaches come from External sources, not insiders. Granted, the InformationWeek data was garnered from a survey (point-in-time opinion) and the Verizon info was generated by analyzing disclosed/investigated public data breaches (over time), and it doesn’t include undisclosed incidents with internal investigations. Verizon concluded that breaches which warranted public disclosure were primarily done by external sources. I’m sure that many internal incidents that didn't affect a large swath of the public were never disclosed, which could slightly sway the results, but it's interesting nonetheless. So the fear was Insider threats, yet the actual data implicates outsiders. I started wondering if this is one of those Perception vs. Reality things or, as Stephen Covey puts it, “We see the world, not as it is, but as we are.”
In February 2009, when the economic crisis was in full swing, layoffs were a daily occurrence. There were many documented cases in the early 1990s of crime/fraud that occurred during that recession and many believed it would happen again – but this time with technology's help. Stories started to appear indicating that this scenario might happen again, and when the few that did happen were spotlighted (like the current trial of Terry Childs), folks believed, or feared, that a new wave was coming. The data that came out the other end seems to show that those internal threats were less than expected, except maybe in the financial industry. The other side is that sometimes perception is more important than reality. With the perceived imminent danger of rogue ex-employees, IT departments had a wake-up call to reexamine how they handle access termination, a critical piece of data preservation. In life and security, our view of the perceived risk is based on our past experiences/beliefs and that ultimately shapes our reality. My reality and your reality might be very different but we always have the power in how we respond to events, even ones out of your control. So as 2009 winds down and you get some needed rest (maybe), revel in the fact that this challenging year is almost over, you did the best (hopefully) you could and there will be a whole new set of threats, breaches, viruses, vulnerabilities, scams, malware and many other incidents that put security at risk as thieves typically work through the holidays. Plan as best you can and take the new ones in stride as a challenge to all of us to get even better at protecting all our critical assets – including the living, breathing ones.
And there you have it – 26 Short Topics about Security. Yea, we made it! But wait, there’s more. Stay tuned for the Post-blog Report where we look back at the series, pick some favorites and share what I’ve learned about putting together a chain of blogs over the course of 5 months covering a single topic. Should be fun.
ps
- #26 out of 26 Short Topics about Security