by thephyber
3092 days ago
> Breaches in security are caused by malicious actors finding vulnerabilities in trusted systems

Alex Stamos, the CISO of Facebook, likened the causes of security breaches to a pyramid. The bottom of the pyramid, where the vast majority of security breaches happen (perhaps 80%), are caused by basic fraud: shared passwords, phishing, asking the user to do something like self-XSS. Of the remainder, perhaps 80% of security breaches are done through the more common, more mundane attacks like unpatched vulnerabilities or misconfigurations. It's only a fraction of a fraction of a percent of attacks that are done using zero-day vulns.

As much as what you said is relevant for security, I would argue that engineers think that security is more of an engineering problem set than it is.