The 70/30 split is the new guiding principle in IT security

23 April 2015

About 70% of all cyber-attacks are executed by malicious insiders. 30% are performed by external attackers from outside the organization’s network.

But do we take this 70/30 split into account when planning IT security programs and allocating budgets? My personal feeling is that it is exactly the other way around.

However, it seems that the IT security industry is reconsidering the direction of further development. The following statement by the new RSA President, Amit Yoran, saved my day:

“Building taller walls and digging deeper moats is not solving our problems. The perimeter mindset is still clinging to us. We say we know the perimeter is dead; we say we know the adversary is on the inside, but we don’t change our actions.”

For more details, please see the report “Yoran: RSA, information security industry needs ‘radical change’”, published 21 April 2015 by Michael Heller.

Take care!