Tuesday, November 28, 2006

Revisiting 80% Mystery

So, everybody has heard that "80% of something bad is due to insiders"; moreover, many just hate this mystery statistic. Here are a few common, differing versions:

1. "80% of security attacks are due to insiders."
2. "80% of security loss is due to insiders."
3. "80% of statistics are made up." :-)

Should we completely scrap this 80% beasty or is there any truth in it, after all? Recently I've seen a discussion on one mailing list where some pretty darn smart folks swore that they can personally attest that one or the other version of the above is "absolutely true."

So, any defenders/attackers of the above?

1 comment:

Anonymous said...

I don't see how you can get ANY number at all! It depends on whether you're counting insiders who unintentionally enable attacks/loss by creating vulnerabilities, or if you're only counting insiders as malicious attackers.

Dr Anton Chuvakin