All sort of fun stuff was unearthed, discussed and - sometimes - made-up upon reading the Verizon Security Breach Investigations report. Here are some things from the pile which I found fun:
- Report itself [PDF] and brief on it from Verizon (and two fun follow-ups, this and this here)
- "90% of all statistics can be made to say anything… 50% of the time, aka my thoughts on the Verizon report"
- "Data Breach Post Mortem Offers Surprises" (well, to some people, they are surprises ...)
- "Insider Threat Exaggerated, Study Says" (not, it doesn't, BTW)
- "Verizon Business Report Speaks Volumes" (from Richard, thus a MUST read)
And of course, here is my favorite part: "In 82 percent of cases, our investigators noted that the victim possessed the ability to discover the breach had they had they been more diligent in monitoring and analyzing event-related information [AC - i.e. logs] available to them at the time of the incident." and this "Furthermore, a crime scene devoid of any network and system logs, a key resource for computer forensics, is a disturbingly common occurrence."
What can I say? Back to battle stations for me - to fight the war of making logs more popular! :-)