Barney's Blog

Blog archive

Verizon Says Most Attacks Are Our Fault

My headline may be overly dramatic, but Verizon did recently say that 97 percent of all attacks it studied could have been avoided if only we had done simple things to prevent them.

To a large degree, the company is right. Many attacks use social engineering or phishing, and we should have all long ago learned to not fall for these -- no matter how tempting it is to make millions of dollars from a total stranger.

And most malware isn't malicious until it is somehow downloaded, which means we must click on something we should never click on.

Again, we should all know better by now.

One of the most interesting findings is that most hackers are actually either activists trying to make a point (whatever happened to waving picket signs or getting yourself arrested?) or losers trying to prove their skills (of course, when you can just download and then spread malicious code, how much skill do you really need?).

How many attacks do you think could be prevented, and what are the simplest and most effective ways to block them? Send your best advice to

Posted by Doug Barney on 03/23/2012 at 1:19 PM

comments powered by Disqus

Reader Comments:

Fri, Mar 23, 2012 philmee95 Cali

Email filters, user training, web filters and antivirus still did not protect us from fake av malware that loaded via flash 0 day exploits. Most dumb stuff is gone though as I locked down background pictures so users don't try to install those dumb mouse and background themes that "power users" all seem to crave.

Fri, Mar 23, 2012 Macgvr

I have seen that my efforts at informing my users are paying off. They now call me to check out any email that looks suspicious. None of them have clicked on these emails to check them out themselves. We have not had a single infection that was the result of clicking a suspicious email or file or link. I take educating my users seriously and don't hesitate to repeat myself if I think it is needed, if I think a reminder is due. Certain things need to be reinforced over time so that they will sink in and be there when needed.

Fri, Mar 23, 2012 Bob F MN

Am I the only one that finds an ISP publishing this report as ironic? If ISPs simply kicked infected devices off of their network until they were "sanitized" - many users might actually follow best practices and keep from getting infected to begin with.

Add Your Comment Now:

Your Name:(optional)
Your Email:(optional)
Your Location:(optional)
Please type the letters/numbers you see above

Redmond Tech Watch

Sign up for our newsletter.

I agree to this site's Privacy Policy.