The 70/30 split is the new guiding principle in IT security

23 April 2015

About 70% of all cyber-attacks are executed by malicious insiders. 30% are performed by external attackers from outside the organization’s network.

But do we take this 70/30 split into account when planning IT security programs and allocating budgets? My personal feeling is that it is exactly the other way around.

However, it seems that the IT security industry is reconsidering the direction of further development. The following statement of the new RSA President Amit Yoran saved my day:

“Building taller walls and digging deeper moats is not solving our problems. The perimeter mindset is still clinging to us. We say we know the perimeter is dead; we say we know the adversary is on the inside, but we don’t change our actions.”

For more details, please see the report “Yoran: RSA, information security industry needs ‘radical change’”, published 21 April 2015 by Michael Heller.

Take care!
