Tag: DBIR

Ralf HallerRalf Haller April 13, 2011

Some interesting infos on IT security from Verizon’s Peter Tippett

Today I attended a Panel meeting and lunch at the Swiss American Chamber of Commerce. Topic was security challenges in general and among the speakers was Peter Tippet, VP Technology & Innovation who flew in from the US for this event and who gave a nice speech. Some of the key points he mentioned:

  • Data Breach Investigation report (DBIR) collects since 8 years valuable IT threat data
  • Verizon is working on 1000 cases per year where security attacks succeeded, the results also go into the DBIR
  • 92% of all security breaches come from stealing the password, a simple 2-factor login (e.g. security chip card) would very likely stop most of these incidents
  • faster patching would not have prevented any of the investigated cases
  • in most cases (70%) the intruders use non-critical business applications to come in and not at all the top applications where most of the IT security money is spent
  • Verizon runs the backbone of the Internet if you like by providing 20,000 gateways in 160 countries
  • through these gateways they are able to identify 1700 names/day of possible or actual intruders
  • they are getting data for prosecuting cyber criminals and did so in 45 successful cases in 2010, 97% of these cases would have been preventable with the right security measures
  • his bottom line message was: do more of the very simple things and do them very well instead of trying the sophisticated stuff as most attacks happen not there