Gartner Blog Network


Highlights from Verizon DBIR 2018

by Anton Chuvakin  |  June 15, 2018

Here is my traditional “reading the DBIR aloud” (i.e. with quotes shared) post. Read the entire thing, BTW, and not only my favorites below:

  • “Incident: A security event that compromises the integrity, confidentiality or availability of an information asset. Breach: An incident that results in the confirmed disclosure— not just potential exposure—of data to an unauthorized party.” <- a useful reminder actually on incident vs breach that many still confuse
  • “Use of stolen credentials” still tops several of their charts (such as #1 in “Top 20 action varieties in breaches”), reminding us of the need to monitor and analyze (UEBA, etc). This, BTW, is my favorite “new” threat that is essentially an 1980s threat that has survived, and fattened, over the years!
  • Curiously, “Top [#1] internal actor varieties in breaches” is … a system admin. It even tops the regular IT user. Oops! But overall, as expected, insider-initiated breaches are way, way lower than the externally-initiated kind (73% “perpetrated” by outsiders)
  • “On average, 4% of people in any given phishing campaign will click it” – a reminder that phishing works (BTW, spear phishing works better!)
  • “68% of breaches took months or longer to discover” – the usual obligatory and sad line :-( [their visuals show “compromise in hours, containment in months” as before]
  • Interestingly, DDoS is the most common incident type (if I am reading their visuals on page 22 right, see below)
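The “use of stolen credentials” point above is the one that most directly turns into detection work: a valid password used by the wrong person leaves no malware and no exploit, only a login that does not match how that account normally behaves. The example below is added here to show the minimal shape of that “monitor and analyze” logic; it is not code from the DBIR, from Verizon, or from the author. It builds a per-user baseline (seen geo tags and login hours) from constructed auth-log lines, then flags later successful logins that combine two or more deviations: an unseen geo, an unseen hour, or a burst of failures immediately before the success (the credential-stuffing pattern). The log format, the field names, the thresholds and every log line are assumptions made for the example.

```python
"""Baseline-deviation check for stolen-credential use over constructed auth logs.

Added example; not from the DBIR or the post's author. The log format below
(ISO timestamp, user, source IP, geo tag, result) is an assumed, simplified
shape, and the sample lines are constructed, not captured from a real system.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data: one month of "normal" logins per user, followed by
# June activity that contains two plausible credential-misuse cases.
SAMPLE_LOGS = """\
2018-05-01T09:02:11Z user=alice src=10.1.4.20 geo=US-NY result=success
2018-05-02T08:55:40Z user=alice src=10.1.4.20 geo=US-NY result=success
2018-05-03T09:10:05Z user=alice src=10.1.4.21 geo=US-NY result=success
2018-05-04T17:30:12Z user=alice src=10.1.4.20 geo=US-NY result=success
2018-05-01T10:00:00Z user=bob src=10.2.7.9 geo=US-CA result=success
2018-05-02T10:05:00Z user=bob src=10.2.7.9 geo=US-CA result=success
2018-05-03T11:20:00Z user=bob src=10.2.7.10 geo=US-CA result=success
2018-06-10T03:12:44Z user=alice src=198.51.100.77 geo=RO-B result=success
2018-06-10T09:01:02Z user=alice src=10.1.4.20 geo=US-NY result=success
2018-06-11T10:03:00Z user=bob src=10.2.7.9 geo=US-CA result=success
2018-06-12T22:40:01Z user=bob src=203.0.113.5 geo=BR-SP result=failure
2018-06-12T22:40:09Z user=bob src=203.0.113.5 geo=BR-SP result=failure
2018-06-12T22:40:18Z user=bob src=203.0.113.5 geo=BR-SP result=failure
2018-06-12T22:40:30Z user=bob src=203.0.113.5 geo=BR-SP result=success
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) geo=(?P<geo>\S+) result=(?P<result>\S+)$"
)

# Assumed tuning knobs: everything before BASELINE_END trains the profile,
# and FAIL_THRESHOLD failures within FAIL_WINDOW before a success is a burst.
BASELINE_END = datetime(2018, 6, 1)
FAIL_WINDOW = timedelta(minutes=5)
FAIL_THRESHOLD = 3


def parse_logs(text):
    """Parse log lines into dicts sorted by timestamp; unparseable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(ev)
    return sorted(events, key=lambda e: e["ts"])


def build_baseline(events):
    """Per-user profile (geo tags and login hours) from successful baseline-period logins."""
    profile = defaultdict(lambda: {"geos": set(), "hours": set()})
    for ev in events:
        if ev["ts"] < BASELINE_END and ev["result"] == "success":
            profile[ev["user"]]["geos"].add(ev["geo"])
            profile[ev["user"]]["hours"].add(ev["ts"].hour)
    return profile


def find_suspicious_logins(events, profile):
    """Return (timestamp, user, src, reasons) for post-baseline successes with >= 2 deviations."""
    findings = []
    recent_failures = defaultdict(list)  # user -> timestamps of failures not yet followed by a success
    for ev in events:
        if ev["ts"] < BASELINE_END:
            continue
        user = ev["user"]
        if ev["result"] != "success":
            recent_failures[user].append(ev["ts"])
            continue
        reasons = []
        base = profile.get(user)  # .get() does not create a default entry
        if base is None:
            reasons.append("no_baseline")
        else:
            if ev["geo"] not in base["geos"]:
                reasons.append("new_geo")
            # Hour-of-day sets built from a handful of logins are noisy on their own,
            # which is why a single deviation is never enough to alert below.
            if ev["ts"].hour not in base["hours"]:
                reasons.append("off_hours")
        burst = [t for t in recent_failures[user] if ev["ts"] - t <= FAIL_WINDOW]
        if len(burst) >= FAIL_THRESHOLD:
            reasons.append("failures_then_success")
        recent_failures[user] = []
        # One new geo alone is usually just travel; require two signals to cut noise.
        if len(reasons) >= 2:
            findings.append((ev["ts"].isoformat(), user, ev["src"], reasons))
    return findings


if __name__ == "__main__":
    evs = parse_logs(SAMPLE_LOGS)
    for hit in find_suspicious_logins(evs, build_baseline(evs)):
        print(hit)
```

Run stand-alone it prints two findings: alice's 03:12 login from an unseen geo, and bob's success that follows three failures from an unseen geo late at night; alice's normal 09:01 login from her usual network is not flagged. In a real deployment the geo and hour sets would come from weeks of data, the source would be enriched with ASN and device identity, and the two-signal rule would be replaced by a scored model, but the structure (baseline, deviation, corroboration before alerting) is what a UEBA-style control for stolen credentials looks like.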

Finally, here is a piece of feedback from me for the DBIR crew: the report this year is MUCH less readable. A lot of text is ambiguous (WTH is “Phishing and pretexting represent 98% of social incidents and 93% of breaches.” Represents how? “Or most companies receive malware on six or fewer days a year.” Meaning what?) and many visuals are just inscrutable (“Days taken to contain botnets”… say what? “Incidents per pattern”?). I made 3 attempts to read it, and only my 3rd succeeded … it was a bit befuddling! All in all, this is my least favorite DBIR so far.

UPDATE: sorry for the typos, my lesson is not to blog while distracted :-) FIXED!

Category: security  

Anton Chuvakin
Research VP and Distinguished Analyst
5+ years with Gartner
17 years IT industry

Anton Chuvakin is a Research VP and Distinguished Analyst at Gartner's GTP Security and Risk Management group. Before Mr. Chuvakin joined Gartner, his job responsibilities included security product management, evangelist… Read Full Bio



