We live in the age of the data breach. It seems from every newspaper and on every newscast we hear about yet another breach of a computer network resulting in the theft of confidential or sensitive information. Even the media outlets themselves have become the targets of these attacks and data breaches.
Within the security industry and in society in general we are in a constant search for a solution to this problem. However, many in the security industry have become so disillusioned by failure that they have adopted the opinion that a breach is inevitable and the primary focus should be on detection and response as opposed to prevention. In truth, there is no single, simple answer and giving up is not a viable alternative.
The fact that there are no easy answers does not mean we have to accept defeat. And one of the first steps is to recognize that many promoted opinions about the cause of breaches and the failures of technology are actually myths. These myths obscure a clear path to increased security and better risk management. Debunking these myths is an important step to improve the effectiveness of our security defenses against future breach attempts. This paper will expose five of the biggest myths that exist about data breaches, and explain how and why they occur.