A great year for data thieves


Flask Data provides a one-stop cloud subscription for EDC, data management and statistics.

The Verizon Business Report on data breaches 2009 was released – the data breach investigations report headlines with 285 million data records breached in 2008:

  • 91% of attackers were organized crime
  • 74% of attacks by malicious outsiders
  • 67% of vulnerabilities due to system defects
  • 32% implicated business partners

The report must be particularly disturbing to endpoint DLP vendors focused on preventing data loss by trusted insiders on  PCs (  99.6% of data was breached by  attackers attacking servers…. )

My experience with clients in the past 5 years in the data loss/extrusion prevention business has been focused on discovering internal security vulnerabilities and implementing cost-effective security countermeasures.  Our findings (summarized in our Business Threat Modeling white paper) were based on analyzing empirical data of 167 data loss events points a finger at software defects as a key data loss vulnerability. The Verizon business study appears to suggest that the situation has only gotten much worse – i.e. data breachs are rising as software quality is declining.

A conservative estimate in our research showed that 49% of the events exploited software defects as shown in the below table. Theoretically we can mitigate half of the risk by removing software defects in existing applications. The question, which we  answer in the white paper is how.

Aggregated vulnerability distribution by type
Vulnerability type

Total

Percentage

Accidental disclosure by email

5

3.0%

Human weakness of system users/operators

13

7.8%

Unprotected computers / backup media

67

40.1%

Malicious exploits of system defects

82

49.1%

Grand Total

167

100.0%

The Carnegie Mellon Software Engineering Institute (SEI) reports that 90 percent of all software vulnerabilities are due to well-known defect types (for example using a hard coded server password or writing temporary work files with world read privileges). All of the SANS Top 20 Internet Security vulnerabilities are the result of “poor coding, testing and sloppy software engineering

Related Posts Plugin for WordPress, Blogger...

Flask Data is a technology company with a strong people focus. We are a diverse group of computer scientists and clinical operations specialists based in Israel, the US and India. We are accomplished at providing our customers with the most effective way to achieve high quality clinical data and assure patient safety. There is no single solution that works for every clinical trial. We work hard to understand your unique situation. We work with your team to develop the best solution to achieve high quality clinical data and assure patient safety the same day you engage with patients.

Flask Data – same data data and safety solutions for clinical trials.

Contact us to learn more

Tell your friends and colleagues about us. Thanks!
Share this