Full Disclosure mailing list archives
Re: Compliance Is Wasted Money, Study Finds
From: Valdis.Kletnieks () vt edu
Date: Sat, 10 Apr 2010 23:09:22 -0400
On Sat, 10 Apr 2010 18:00:23 -0000, "Thor (Hammer of God)" said:
> According to the 2009 Verizon Business Breach Report, 81% of the attack victims were not PCI compliant: http://www.verizonbusiness.com/resources/security/reports/2009_databreach_rp.pdf
Verizon Business has gotten a good reputation for having good hard numbers. I'd have to say their breach reports are probably close to the most accurate numbers we're going to get in this industry.
81% of victims were not PCI compliant.
In and of itself, doesn't say much, but combined with these 3:
83% of attacks were not highly difficult. 87% were considered avoidable through simple or intermediate controls. 99.9% of records were compromised from servers and applications (meaning, not clients).
Sad, ain't it? Over 4 out of 5 times, the hack wasn't hard, and almost 9 out of 10 times, basic hardening would have prevented it. Unfortunately, there's not enough data there to say if the 81% had been compliant, if that would have imposed enough hardening to stop the attacks dead in their tracks. Probably in most of the cases it would have, though.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/