Showing posts with label verizon. Show all posts
Showing posts with label verizon. Show all posts

Sunday, March 14, 2010

Verizon Incident Sharing Framework

Earlier this month Verizon Business announced cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ir Verizon Incident Sharing Framework (VerIS framework). This document is a means to describe digital security incidents, using four main groupings: 1. Demographics, 2. Incident Classification, 3. Discovery and Mitigation, and 4. Impact Classification.

The idea is to provide a framework that incident investigators can complete for every digital security incident. Using cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 output, security teams can better identify trends and make recommend improved security strategies and tactics. For example, Verizon builds cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ir Data Breach Investigation Report using data from cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ir incident responses as formatted using cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 VerIS framework.

Verizon asked me to participate on a "board" affiliated with this project, so you can expect to hear more from me. Verizon started a Zoho Forum to discuss cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 framework, but I think a Wiki would better facilitate collaboration and development of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 document. At work we are working on our next generation incident management system, so I think cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 VerIS framework might help us identify information to collect on incidents.

Saturday, July 11, 2009

Must-Read Verizon Post Demolishes More Myths

I'm a big fan of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 2009 Verizon Data Breach Report. Today I read Compromised Assets & Data: But our company doesn’t handle credit cards... by Verizon's Bryan Sartin. It's an excellent post. I'd like to post several excerpts, emphasizing and expanding on certain points.

I find it fascinating that no matter where in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 world you go, what type of company you talk to, public or private sector, you find two very common beliefs:

1. All data stolen in security breach is a result of lost assets, not systems-related intrusions.

2. I don’t handle payment cards (credit or debit) - so this stuff does not apply to me.

If you could only understand how outrageous cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365se sound from cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 standpoint of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 computer forensic investigator. Both thought processes couldn’t be more wrong.


I hear cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365se refrains as well, or at least I see cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 effects of devoting resources to ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r projects. Bryan continues:

Pretty much everyone I speak to firmly believes that in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 real world, companies do not get hacked into and data is never compromised as cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 result of a systems-based intrusion. The prevailing wisdom, if you can call it that, suggests that almost all lost records leading to fraud are cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 product of backup tapes that don’t make it from point A to point B, blackberries left in taxi cabs, and company-issued laptops left at train stations. This is cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 prevailing wisdom UNTIL a company is hacked.

In reality, hackers and fraudsters target data of value. Companies are targeted, eicá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r directly or indirectly, because cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365y are perceived to be data rich, and data that is stolen tends to lead to some measurable form of fraud, whecá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r it is counterfeit, identity fraud, etc...

Online data, including digital repositories of information like databases, transaction logs, and ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r aggregation and storage points, account for an overwhelming 94 percent of casework and 99.9 percent of all verifiable records compromised.


This is confirmation of my focus on external threats. Bryan turns to his second point:

"But my company doesn’t handle credit cards, so this doesn’t apply to me..." [I]t doesn’t matter whecá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r you store payment card data or not. The threats affecting companies in a particular industry or sector care more about cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 ability to sidestep security controls reliably, than about what type of data cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365y’ll find once inside. Every company has something of value to a hacker.

If you don't have something of value to an intruder, you probably don't do anything worth keeping you in operation.

The following excerpt is really crucial:

There is no question that our case load is biased toward payment cards. Payment card data is a premium cybercrime target because when applied in a certain manner, stolen records of sufficient content can lead to fraudulent purchases...

[B]based on our figures, I would estimate that payment cards represent as little as 1.2 – 1.5 percent of all data cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365fts. The remaining 98.x percent being occupied primarily by personally identifiable data (PII), cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365n account credentials, company-proprietary data, and a few ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r categories in a distant fourth and fifth by incidence. Payment cards are in fact a distinct minority in data cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ft cases, albeit an extremely noisy minority.

The ensuing fraud is detectable and fraud analysis and detection tools have made it almost elementary to identify cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 likely source of a suspected payment card breach for almost 10 years.


Did you catch that? A stolen payment card intrusion is detectable. The hacked parties (online vendors, offline vendors, anyone using and storing payment card data) don't detect cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 actual cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ft of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 data. Fraudulent use of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 payment card data is detected by consumers and payment card providers. What about ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r data?

In simple terms, when payment card data is stolen – someone always finds out about it. The same cannot be said for PII and cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r categories of compromised data we see...

Fraud is a direct, easily observable and easily trackable consequence of an intrusion. When an intruder steals payment card data, and cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 payment card data is used to commit fraud, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 hacked party can be identified and notified using external means (bank or law enforcement calling).

However, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 consequences of ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r data cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ft intrusions are not so easily observed nor tracked. If a competitor steals your company's intellectual property, sales plans, and ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r sensitive information, it may not be obvious how that competitor beat you to a deal that quarter. This is why I spoke of long-term competitiveness, because you can't tie non-payment card intrusions back to an obvious consequence or impact.

Thanks to Bryan Sartin for such a great post.


Richard Bejtlich is teaching new classes in Las Vegas in 2009. Late Las Vegas registration ends 22 July.

Thursday, May 07, 2009

Highlights from 2009 Verizon Data Breach Report

Last year I posted Verizon Business Report Speaks Volumes, providing excerpts that resonated with me. Verizon released anocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r edition last month, with plenty of commentary on cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ir blog and elsewhere. I wanted to record a few highlights here for my own reference but also to counter arguments I continue to see elsewhere about cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 so-called prevalence of insider threats.

This is a polite way of trying to demolish cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 most deeply entrenched urban myth in security history.



This shows cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 2009 results.



This is an historical way to look at breach source data.



The following chart is cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 one that insider threat proponents will try to use to justify cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ir position. It shows that, on average, a breach caused by a single insider will result in many more records being stolen than one caused by an outsider. Incidentally, this is what I have said previously as well!



However, when looking at cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 problem in aggregate, outsiders cause more damage.



If cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 big red dot doesn't say it all, I don't know what will.

Verizon captures this scenario using a "pseudo-risk" calculation.



Pete Lindstrom makes an interesting point about this calculation, but I don't think it is necessarily without merit.

I'd like to briefly turn to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 detection and response elements I found interesting.

The following shows someone from Verizon has been to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Best Single Day Class Ever. That big red dot shows "months" from compromise to discovery is dominant.



Detection methods continue to be pacá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365tic.



This is probably because, although logs are collected, hardly anyone reviews cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365m.



This is probably because only a third of companies have an IR team.



Most companies are probably relying on cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ir anti-virus software to save cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365m. This is too bad, because cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 explosion in customized malware means it probably won't.



All of this is why my TCP/IP Weapons School 2.0 class teaches students how to analyze data to detect and respond to intrusions, racá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r than rely on automated tools which fail.


Richard Bejtlich is teaching new classes in Las Vegas in 2009. Regular Las Vegas registration ends 1 July.

Saturday, June 14, 2008

Verizon Study Continues to Demolish Myths

I just read Patching Conundrum by Verizon's Russ Cooper. Wow, keep going guys. As in before, I recommend reading cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 whole post. Below are my favorite excerpts:

Our data shows that in only 18% of cases in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 hacking category (see Figure 11) did cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 attack have anything to do with a “patchable” vulnerability. Furcá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r analysis in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 study (Figure 12) showed that 90% of those attacks would have been prevented had patches been applied that were six months in age or older! Significantly, patching more frequently than monthly would have mitigated no additional cases.

Given average current patching strategies, it would appear that strategies to patch faster are perhaps less important than strategies to apply patches more comprehensively...

To summarize cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 findings in our “Control Effectiveness Study”, companies who did a great job of patching (or AV updates) did not have statistically significant less hacking or malicious code experience than companies who said cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365y did an average job of patching or AV updates. And companies who did ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r simpler countermeasures, like lightweight standard configurations, had very strong correlations with reduced risk. The Verizon Business 2008 Data Breach Investigations Report supports very similar conclusions.
(emphasis added)

It gets even better.

In summary, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Sasser worm study analysis found that companies who had succeeded at “patching fast” were significantly worse off than “average” companies in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 same study. This seemed to be because, as a group, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365se companies tended toward less use of broad, generic countermeasures. They also thought cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365y had patched everyone, when in reality cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365y hadn’t. You might say cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365y spent more of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ir energy and money on patching and less on routing, ACLs, standard configurations, user response training, and similar “broad and fundamental” controls...

A control like patching, which has very simple and predictable behavior when used on individual computers, (i.e., home computers) seems to have more complex control effectiveness behavior when used in a community of computers (as in our enterprises).
(emphasis added)

So, quickly patching doesn't seem to matter, and those who rely on quick patching end up worse off than those with a broader security program. I can believe this. How often do you hear "We're patched and we have anti-virus -- we're good!"

Also, I can't emphasize how pleased I was to see cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 report reinforce my thoughts that Of Course Insiders Cause Fewer Security Incidents.

Wednesday, June 11, 2008

Verizon Business Report Speaks Volumes

This morning I attended a call discussing cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 new Verizon Business 2008 Data Breach Investigations Report. I'd like to quote cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 linked blog post and a previous article titled I Was an Anti-MSS Zealot, both of which I recommend reading in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ir entirety. First I cite some background on cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 study.

Verizon Business began an initiative in 2007 to identify a comprehensive set of metrics to record during each data compromise investigation. As a result of this effort, we pursued a post-mortem examination of over 500 security breach and data compromise engagements between 2004 and 2007 which provided us with cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 vast amount of factual evidence used to compile this study. This data covers 230 million compromised records. Amongst cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365se are roughly one-quarter of all publicly disclosed data breaches in both 2006 and 2007, including three of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 five largest data breaches ever reported.

The Verizon Business 2008 Data Breach Investigations Report contains first-hand information on actual security breaches...
(emphasis added)

That's awesome -- a study based on what Verizon's Incident Response Team found during cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ir work. Next let's read some thoughts from one of Verizon's security team.

I used to think that Intrusion Detection Systems (IDS) and Managed Security Services (MSS) were a waste of time. After all, most attacks that I had worked on began, and were over, within seconds, and were typically totally automated...

But cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Verizon Business 2008 Data Breach Investigations Report tells a very different story. The successful attacks were almost universally multi-faceted and cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 various timeframes are truly astounding. The series of pie charts in Figure 21 are cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 most interesting data.



The first chart shows that more than half of attacks take days, weeks, or months from cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 point of entry of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 attack (cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 first successful attack step) to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 point of data compromise (not simply system compromise, but cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 point at which cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 criminal has actually done material harm). 90% take more than hours and over 50% take days or longer. Clearly if an appropriate log was instrumented and being regularly reviewed or an IDS alarm occurred, you would notice and could stop cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 attack in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 vast majority of our cases.

The second pie chart in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 series reveals that 63% of companies do not discover cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 compromise for months and that almost 80% of cases do not learn of attacks for weeks after cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365y occur. In 95% of cases it took cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 organization longer than days after cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 compromise to learn of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 attack. There are hundreds of cases in which cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 inside team eicá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r didn’t look at cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 logs (in 82% of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 breaches in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 study, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 evidence was manifested in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ir logs), or for some ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r reason (were frustrated, tired, overwhelmed by cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 logs, found cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365m to be not-interesting, felt cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365y were too noisy after a few days or weeks) simply quit looking...
(emphasis added)

That is amazing. Consider cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 following regarding patching.

[O]nly 22% of our cases involved exploitation of a vulnerability, of which, more than 80% were known, and of those all had a patch available at cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 time of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 attack. This is not to say that patching is not effective, or necessary, but we do suggest that cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 emphasis on it is misplaced and inappropriately exaggerated by most organizations. For cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 sake of clarity, 78% of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 breaches we handled would have still occurred if systems had been 100% patched cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 instance a patch was available. Clearly patching isn’t cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 solution to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 majority of breaches we investigated.

How about cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 source of attacks?

While criminals more often came from external sources, and insider attacks result in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 greatest losses, criminals at, or via partner connections actually represent cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 greatest risk. This is due to our risk equation: Threat X Impact = Risk

  • External criminals pose cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 greatest threat (73%), but achieve cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 least impact (30,000 compromised records), resulting in a Psuedo Risk Score of 21,900

  • Insiders pose cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 least threat (18%), and achieve cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 greatest impact (375,000 compromised records), resulting in a Pseudo Risk Score of 67,500

  • Partners are middle in both (39% and 187,500), resulting in a Pseudo Risk Score of 73,125


While cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365se are rudimentary numbers, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 relative risk scores are reasonable and discernable. It is also worth noting that cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Partner numbers rose 5-fold over cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 duration of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 study, making partner crime cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 leading factor in breaches. This is likely due to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 ever increasing number of partner connections businesses are establishing, while doing little to nothing to increase cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ir ability to monitor or control cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ir partner’s security posture. Perhaps as expected, insider breaches are cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 result of your IT Administrators 50% of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 time.
(Note cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 original blog post doesn't say 39%, although cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 report and briefing does.)

I think that's consistent with what I've said: external attacks are cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 most prevalent, but insiders can cause cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 worst damage. (The authors note cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 definition of "insiders" can be fuzzy, with partners sometimes considered insiders.)

This chart is one of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 saddest of all.



Unfortunately, it confirms my own experience and that of my colleagues.

I'll add a few more items:



    • Three quarters of all breaches are not discovered by cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 victim

    • Attacks are typically not terribly difficult or do not require advanced skills

    • 85% of attacks are opportunistic racá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r than targeted

    • 87% could have been prevented by reasonable measures any company should have been capable of implementing or performing



  • Sounds like my Caveman post from last year.

    I am really glad Verizon published this report and I look forward to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 next edition in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 fall.