back to article Data breaches easily prevented - report

The vast majority of information security breaches might have easily been prevented, a study has concluded. An analysis of 500 forensic investigations, collectively involving 230 million compromised customer records, by Verizon Business also found that three in four (73 per cent) of the breaches stemmed from external attacks, …

COMMENTS

This topic is closed for new posts.
  1. Benjamin Wright

    legal definition of reasonable security

    Legally speaking, what is "reasonable security?" FTC fined TJX for not having it, but I disagree. Verizon says 9 of 10 data breaches could have been avoided if reasonable security were present. That implies 9 in 10 breach victims were in violation of law. The study's outlook is that the solution to identity theft is locking down corporate data. But a security consultant/solution provider like this Verizon unit naturally sets a high bar for what is reasonable. And when Verizon evaluates whether reasonable security could have prevented a break-in, it does so with the benefit of hindsight. Yet the study goes on to say that in modern systems knowing where all your data reside is "an extremely complex challenge." In other words, the shere problem of keeping up with the location of data (so you can apply security) is very expensive, and mistakes by data-holders who act in good faith are easy. The reasonable measures expected by FTC and Verizon are extravagantly hard to implement in practice. Hence, the portion of incidents preventable by FTC/Verizon's reasonable procedures is much lower than 90%. We need to focus more attention on other solutions to identity theft. --Ben http://hack-igations.blogspot.com/2008/03/ftc-treats-tjx-unfairly.html

This topic is closed for new posts.

Other stories you might like