Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 15 submissions in the queue.

Despite Billions In Spending, your 'Military Grade' Network Will Still Be Leaking Data

posted by martyb on Friday August 30 2019, @05:01PM   Printer-friendly
from the debug-the-humans dept.

Arthur T Knackerbracket has found the following story:

Security shop Egress studied 4,856 personal data breach reports collected from the UK Information Commissioner's Office, and found that in 60 per cent of the incidents, someone within the affected biz was at fault.

Further breaking down human error, it was found that 43 per cent of the data leaks were caused by incorrect disclosure, such as someone sending a file to the wrong person or the wrong file to the right person or persons. For example, 20 per cent of the exposures were caused by faxing a file to the wrong person, and 18 per cent were caused by typing the wrong address into an email field or failing to use bcc and exposing every recipient.

[...] In other words, the biggest threat to your company's data security is you or a colleague. For every exotic APT operation that gets reported, there are four companies done in by someone fat-fingering a fax machine or clicking the wrong file to attach to an email.

"All too often, organizations fixate on external threats, while the biggest cause of breaches remains the fallibility of people and an inherent inability of employees to send emails to the right person," Egress CEO Tony Pepper said of the findings.

[...] None of this is to say that admins should neglect external security entirely. A quick perusal of the California Attorney General's disclosure list shows that four of the five most recently reported data leaks, including the massive Capital One theft, were in fact down to third-party hackers or malware infections. ®

Original Submission

 
This discussion has been archived. No new comments can be posted.
Despite Billions In Spending, your 'Military Grade' Network Will Still Be Leaking Data | Log In/Create an Account | Top | 14 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by jmichaelhudsondotnet on Saturday August 31 2019, @05:17PM

    by jmichaelhudsondotnet (8122) on Saturday August 31 2019, @05:17PM (#888259) Journal

    Adam Rappaport is this guy who operates at a high level in windows cloud which is now not based in the usa for some reason, he has a spy background.

    Do you think a company that hires people associated with a nation state's spy apparatus, basically at all, is going to produce software that protects the user even of, especially of, military applications?

    If you haven't noticed, the entire UK is a political nightmare and security nightmare, whatever you are doing up over there isn't working so you might want to reassess some of your assumptions.

    I am getting more and more serious about my belief that civilian and miltary software developers. Like ok nice of the NSA to share bugs it finds, but no you can't be a developer of software that is going to be used on personal computers with that background.

    Does anyone know if they are putting any windows 10 systems on their network? Windows webservers? Unmodified IME? Any routers making mystery layovers en route?

    Do all of the parties you are doing business with really, actually, have a good reputation? If not, well you might want to start there.

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2