All Entries Tagged With: "Careless Insiders"

Retail Data Breach Study Analysis

Perimeter eSecurity released a retail data breach study several months ago. There was an insightful article posted that I thought made some very good points. Be sure to read the comments at the bottom as well.

Swine Flu Scams

Even with this first, passive wave of H1N1 swine flu diminishing, scams are on the rise. Websense reports a huge number of email scams based on news (usually false) around the H1N1 swine flu. End users, being concerned about a possible pandemic, are eager to learn the latest news and with sensationalized subject [...]

Security as a company culture

Nearly half of all companies cite a lack of training and an “unsupportive company culture” around security, according to the ISC2 security organization. (see article)
The survey was of 700 security professionals.
46 percent say employees have a “weak understanding” of security policy.
48 percent say there is a lack of training and an overall unsupportive company [...]

Would your employees sell out?

According to a new survey of 600 people, one third of employees would sell company secrets for compensation. The amount of compensation needed varied based on who was spoken to. This survey was done by the same people who famously got usernames and passwords from people in exchange for a chocolate bar last [...]

FBI & US Marshals Malware Infection

Here is the text from an article posted by the SANS Institute…
“GOVERNMENT SYSTEMS AND HOMELAND SECURITY –Malware Infects Computers at US Marshals Service and FBI (May 21, 2009) Part of the computer system at the US Marshals Service was shut down Thursday morning after malware was detected. The decision was made to shut down Internet [...]

Financial Data Breach Sources

Some good analysis from a post on Perimeter.
“In the study we just released on financial institution data breaches between 200 and 2008 we analyze the breach sources.
Hacking accounts for 42 percent of incidents but 55 percent of records compromised. This is the largest percent of incidents and records which is why financial [...]

Common Hacker Attack Pathways

The 2008 Data Breach Investigations Report, written by Verizon, discusses the most common methods of access (pathways) used to compromise networks. What they found from the 500+ caseload was the following:

Nearly half of all breaches exploited remote access and control systems. The report states that this is often remote access software [...]

Financial Data Breach Study by Kevin Prince of Perimeter eSecurity

A new financial institution data breach study has recently been published by Kevin Prince of Perimeter eSecurity. It analyzes breaches between 2000 and 2008. While several aspects of the study deserve individual discussion and attention, it is interesting that Kevin Prince did a podcast interview with BankInfoSecurity. In the podcast Kevin answers [...]

Data Breaches by Threat Categories

A recent study breaks down the threat categories of 500+ caseloads of investigated breaches.

Error – Poor decisions, misconfigurations, omissions, non-compliance, process breakdowns, etc. Nearly 80% of breaches within this category are due to omission.
Hacking – Deliberate action against information systems.
Malcode – Malicious software or code found to contribute to breach in question. [...]

Sins of Omission…that lead to data breaches

Insider error is the leading cause of data security breaches, according to a Verizon report.
It indicates that 62% of cases involve error and, in 79% of those cases, it was insiders' lack of doing something they should have (omission) that led to the breach. Not following policies, procedures, and duties by those [...]