2 comments

[ 3.9 ms ] story [ 13.4 ms ] thread
"The latest in the pile of studies to show as much found that over 95 percent of corporate networks were hacked between last October and March..."

The single cited study was done by FireEye, which sells security products and services. They have an incentive to exaggerate the problem, since their business depends on the existence of threats.

"...which contrasts with the precisely zero times one of industry’s top three providers reported a major breach since Amazon started the club in 2006."

The lack of reporting doesn't imply a lack of incidents. Since reporting breaches would result in negative publicity for both the cloud providers and their customers, we'd expect them to keep quiet.

> The single cited study was done by FireEye, which sells security products and services. They have an incentive to exaggerate the problem, since their business depends on the existence of threats.

The widespread vulnerability of corporate networks is not something that FireEye discovered on its own, as the article notes. Besides, security threats don't seem to need too much exaggeration nowadays from a public awareness standpoint.

>The lack of reporting doesn't imply a lack of incidents. Since reporting breaches would result in negative publicity for both the cloud providers and their customers, we'd expect them to keep quiet.

Publicly traded companies legally can't hide a major breach from the SEC even if it hurts the bottom line. As a matter of fact, that's one of the main reasons why they are obliged to disclose such incidents in the first place. Target and Home Depot are some of the latest examples.