Here is my traditional “reading the DBIR aloud” (i.e. with quotes shared) post. Read the entire thing, BTW, and not only my favorites below:
- “Incident: A security event that compromises the integrity, confidentiality or availability of an information asset. Breach: An incident that results in the confirmed disclosure—not just potential exposure—of data to an unauthorized party.” <- actually a useful reminder of the incident vs. breach distinction that many still confuse
- “Use of stolen credentials” still tops several of their charts (such as #1 in “Top 20 action varieties in breaches”), reminding us of the need to monitor and analyze (UEBA, etc.). This, BTW, is my favorite “new” threat that is essentially a 1980s threat that has survived, and fattened, over the years!
- Curiously, “Top [#1] internal actor varieties in breaches” is … a system admin. It even tops the regular IT user. Oops! But overall, as expected, insider-initiated breaches are way, way lower than the externally-initiated kind (73% “perpetrated” by outsiders)
- “On average, 4% of people in any given phishing campaign will click it” – a reminder that phishing works (BTW, spear phishing works better!)
- “68% of breaches took months or longer to discover” – the usual obligatory and sad line 🙁 [their visuals show “compromise in hours, containment in months” as before]
- Interestingly, DDoS is the most common incident type (if I am reading their visuals on page 22 right, see below)
Finally, here is a piece of feedback from me for the DBIR crew: the report this year is MUCH less readable. A lot of text is ambiguous (WTH is “Phishing and pretexting represent 98% of social incidents and 93% of breaches.” Represents how? “Or most companies receive malware on six or fewer days a year.” Meaning what?) and many visuals are just inscrutable (“Days taken to contain botnets”… say what? “Incidents per pattern”?). I made 3 attempts to read it, and only my 3rd succeeded … it was a bit befuddling! All in all, this is my least favorite DBIR so far.
UPDATE: sorry for the typos, my lesson is not to blog while distracted 🙂 FIXED!