Here is my traditional “reading the DBIR aloud” (i.e. with quotes shared) post. Read the entire thing, BTW, and not only my favorites below:
- “Incident: A security event that compromises the integrity, confidentiality or availability of an information asset. Breach: An incident that results in the confirmed disclosure – not just potential exposure – of data to an unauthorized party.” <- a useful reminder actually on incident vs breach that many still confuse
- “Use of stolen credentials” still tops several of their charts (such as #1 in “Top 20 action varieties in breaches”), reminding us of the need to monitor and analyze (UEBA, etc). This, BTW, is my favorite “new” threat that is essentially a 1980s threat that has survived, and fattened, over the years!
- Curiously, “Top [#1] internal actor varieties in breaches” is … a system admin. It even tops the regular IT user. Oops! But overall, as expected, insider-initiated breaches are way, way lower than the externally-initiated kind (73% “perpetuated” by outsiders)
- “On average, 4% of people in any given phishing campaign will click it” – a reminder that phishing works (BTW, spear phishing works better!)
- “68% of breaches took months or longer to discover” – the usual obligatory and sad line [their visuals show “compromise in hours, containment in months” as before]
- Interestingly, DDoS is the most common incident type (if I am reading their visuals on page 22 right, see below)
Finally, here is a piece of feedback from me for the DBIR crew: the report this year is MUCH less readable. A lot of text is ambiguous (WTH is “Phishing and pretexting represent 98% of social incidents and 93% of breaches.” Represents how? “Or most companies receive malware on six or fewer days a year.” Meaning what?) and many visuals are just inscrutable (“Days taken to contain botnets”… say what? “Incidents per pattern”?). I made 3 attempts to read it, and only my 3rd succeeded … it was a bit befuddling! All in all, this is my least favorite DBIR so far.
UPDATE: sorry for the typos, my lesson is not to blog while distracted. FIXED!