Friday, April 24, 2009

Spending Budget wisely

Where would you put your security budget? On client side security, buy a new end point protection or NAC because you know that there are plenty of client side exploits and users are one of the weakest links or you would rather put that dollar on a new database monitoring tool? In this difficult economic conditions it is very important to understand where to put your money.

The new Verizon data breach report provides some of these answers. Here is some relevant data,

Report shows that for the big computer crime cases in 2008, the vast majority involved data from servers (Online Data 94% of cases). In only 17% of all cases were End-User Systems involved in any part of a target. In only about 1% of cases (one case out of 90, Figure 16) were End-User Systems part of the attack pathway. The very same data, when viewed by the percent of records lost, shows that 99.9% of records were taken from servers, while just 0.01% of the records were taken from End-User systems.

At the end of the day, organizations should identify the risk and determine where and how they should spend the money.