Highlights from Verizon DBIR 2018

Here is my traditional “reading the DBIR aloud” (i.e. with quotes shared) post. Read the entire thing, BTW, and not just my favorites below:

  • “Incident: A security event that compromises the integrity, confidentiality or availability of an information asset. Breach: An incident that results in the confirmed disclosure— not just potential exposure—of data to an unauthorized party.” <- a useful reminder actually on incident vs breach that many still confuse
  • “Use of stolen credentials” still tops several of their charts (such as #1 in “Top 20 action varieties in breaches”), reminding us of the need to monitor and analyze (UEBA, etc.)
  • Curiously, “Top [#1] internal actor varieties in breaches” is … a system admin. It even tops the regular IT user. Oops! But overall, as expected, insider-initiated breaches are way, way lower than the externally-initiated kind (73% “perpetuated” by outsiders)
  • “On average, 4% of people in any given phishing campaign will click it” – a reminder that phishing works (BTW, spear phishing works better!)
  • “68% of breaches took months or longer to discover” – the usual obligatory and sad line :-( (their visuals show “compromise in hours, containment in months” as before)
  • Interestingly, DDoS is the most common incident type (if I am reading their visuals on page 22 right, see below)

Finally, here is a piece of feedback from me for the DBIR crew: the report this year is MUCH less readable. A lot of text is ambiguous (WTH is “Phishing and pretexting represent 98% of social incidents and 93% of breaches.” Represent how? “Or most companies receive malware on six or fewer days a year.” Meaning what?) and many visuals are just inscrutable (“Days taken to contain botnets”… say what? “Incidents per pattern”?). I made 3 attempts to read it, and only my 3rd succeeded … so befuddling! All in all, this is my least favorite DBIR so far.

