Wednesday, 28 July 2010

Observations from VZDBIR 2010






VZDBIR Interesting Graphs
I spent some time today reading the VZDBIR report, as many of us did, and decided to collate a few interesting graphs from this report. Reports like this are a great way to understand and put some weight behind the argument to the business on actual threats and eventual loss to the business (record %). When collated, the findings provide an interesting view into these threats (whether they be advanced and/or persistent) and what we are dealing with in the security community.


Questions that came to mind following the review 
- How can the compliance world take such findings on board and improve the standards? 
- How can the regulations/requirements improve to put appropriate weight on critical areas in security instead of an across the board 'old school' playing field? 
- Is what is required for compliance enough to protect the business against these threats? (On second thought, this question isn't worth answering ;))


Certainly, the report shows an ever-changing threat landscape. I believe compliance can gain some weight in the security and business world by understanding and incorporating such reports into its standards and requirements.


It is not just in compliance (although it is one of the biggest headaches in the business), but also in security management that these observations can help teams redesign and re-evaluate their security strategies and invest wisely to address the 'real' threats and improve their ROI.


Thoughts?
