In Information Technology and perhaps even more so in Information Security, we are overwhelmed with acronyms. This month, I would like to introduce a new one to the common SyCom lexicon – DBIR. DBIR stands for Data Breach Investigation Report. Verizon investigates a huge amount of Information Security incidents each year and compiles their findings and recommendations into the Verizon Data Breach Investigation Report. This report is published annually, is publicly available and is an industry-recognized authority on “what is going on” in Cyber (the cool term, associated with Information Security).
Each year, this report helps to compile and analyze the wisdom to be gained from the experiences that Verizon’s team encounters during their investigations.
What sorts of things can you learn from reading this report – listed are just a few of the key bits of information? (current trend data in parenthesis)
- What types of attacks are most prevalent? (exploits of misconfigurations)
- Who are the bad actors looking for? (mostly financially motivated)
- What are the primary attack vectors in incidents? (Denial of Service)
- What are the primary attack vectors in breaches? (Phishing/Social Engineering) And, btw, what is the difference? (An incident is an event that compromises the Confidentiality, Integrity or Availability of data. A breach is confirmed disclosure of data to an unauthorized party.)
- Which industries are most targeted (i.e. where are the most incidents)? (Professional Services firms and Public Sector entities)
- In each industry, what are the primary attack vectors in play? (Various, but for Professional Services = Credential Theft and Exploits against Web based applications is most prevalent. For Public Sector = Ransomware is tops.)
Taking a look at just the snippets of what I have shared here, I think we should all be able to see how leveraging this sort of information should be able to help us continue with SyCom’s prime directive, which is to “Provide Outstanding and Memorable Service in Everything We Do.”
Information Security is important. Even with all the other crises going on in our world, this problem will not go away. In fact, there is much information to show that the COVID crisis, for example, is now being heavily utilized to build attack vectors such as phishing campaigns.
Stay vigilant and use data like the DBIR provides to be aware and keep ourselves and our customers safe.
Good luck and be safe,
Allen Jenkins, CISO