Monday, January 10, 2011

Fine Gael and database security

Yesterday's hack of the Fine Gael website (http://finegael2011.com/) has highlighted the need for individuals and organizations who collect personal data in Ireland to be aware that they must take all steps that they can to protect this data. Full details on these obligations can be found on the Data Protection Commissioner's website, www.dataprotection.ie.

There have been no details of the security vulnerability that was exploited yet, but to me it sounds like a SQL Injection attack.

Friday, January 7, 2011

Verizon 2010 Data Breach Investigations Report

I have just looked through the Verizon 2010 Data Breach Investigations Report http://www.verizonbusiness.com/resources/reports/rp_2010-data-breach-report_en_xg.pdf

It was published 6 months ago, but there are 2 interesting points in it for me.

The first point comes from "Table 7 Types of compromised assets by percent of breaches and percent of records" on page 39. It shows that while the database server accounts for 25% of compromised assets, it accounts for a huge 92% of compromised records. This shows that once the attacker gets to your database, they have access to the crown jewels.

The second point comes from "Figure 42. Cost of recommended preventive measures by percent of breaches", which shows the cost of implementing the preventive measures once the breach was discovered. The cost to prevent 64% of the breaches was considered "simple and cheap". This counters the argument that it would cost too much to implement full data protection policies. "Figure 43. Categorization of recommended mitigation measures by percent of breaches" goes on to show that 66% of breaches could have been prevented by "Configuration change to existing assets" and "alter existing practice".

Attackers will generally go for the lowest-hanging fruit, and from this Verizon report it looks like there is still plenty of it around.
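To tie the two posts together, here is an added example (not from these posts, and nothing to do with the Fine Gael site's actual code) of the kind of flaw suspected in the first post and the "alter existing practice" fix the Verizon figures describe: the same member lookup written once by string concatenation and once with a bound parameter, run against a constructed in-memory table of personal data.

```python
import sqlite3

# Constructed sample records standing in for a site's member database.
MEMBERS = [
    ("alice", "alice@example.com"),
    ("bob", "bob@example.com"),
    ("carol", "carol@example.com"),
]


def make_db():
    """Build an in-memory SQLite database holding the constructed records."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE members (username TEXT, email TEXT)")
    conn.executemany("INSERT INTO members VALUES (?, ?)", MEMBERS)
    return conn


def lookup_vulnerable(conn, username):
    """Query text is built by concatenation, so user input becomes part of the SQL."""
    sql = "SELECT username, email FROM members WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, username):
    """Parameterised query: the input is bound as a value and cannot change the SQL."""
    sql = "SELECT username, email FROM members WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def demo():
    """Return the row counts each variant yields for a normal and a hostile input."""
    conn = make_db()
    normal = "alice"
    hostile = "' OR '1'='1"  # textbook injection string, here only to show the contrast
    return {
        "vulnerable_normal": len(lookup_vulnerable(conn, normal)),
        "vulnerable_hostile": len(lookup_vulnerable(conn, hostile)),  # whole table leaks
        "safe_normal": len(lookup_safe(conn, normal)),
        "safe_hostile": len(lookup_safe(conn, hostile)),  # no such username: 0 rows
    }


if __name__ == "__main__":
    print(demo())
```

The change from the first form to the second is a code edit, not new hardware or a new product, which is exactly the "simple and cheap" category the report places most breaches in.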