80% of all attacks come from within the enterprise, or so the dogma goes.

After the Verizon report stating that the insider threat is grossly exaggerated, here is another interesting piece from TaoSecurity:

  • Did you know that the 80% statistic is based on a 17-year-old report with questionable procedures?

  • Did you know that this has been known since a 2001 CSI/FBI study quoted Dr. Eugene Schultz? [1]
    There is currently considerable confusion concerning where most attacks originate. Unfortunately, a lot of this confusion comes from the fact that some people keep quoting a 17-year-old FBI statistic that indicated that 80 percent of all attacks originated from the [inside].
  • Quote: "For the past five years, incidents caused by insiders accounted for 7% or less of all Web intrusions. In 2003, outsiders accounted for 53%. About one-quarter of respondents said they “don’t know” the origin of their Web incidents, and 18% said “both” the inside and outside participated."

  • While the 80% myth seems busted, insiders apparently caused more financial damage than outsiders.

