Every year, the Verizon Data Breach Investigations Report comes out, and there’s a mad scramble to inspect and interpret the data. The report is data-rich, as always, and already contains a bunch of analysis, so there are really only a few options for adding value to the conversation. Industry commentators can choose to disagree with the analysis, expand on some part of the data or pull out specific points to emphasize.

I always find specific value in the more detailed analysis by sector. The overall themes and trends don’t tend to vary so much, but the industry detail is more actionable.

First, it may seem obvious, but it’s important to understand the distinction between incidents and breaches in the DBIR. There are a fair number of pretty charts and graphs in here, but they mean very different things depending on which of these two categories they apply to. Incidents include just about anything reported regardless of whether data was confirmed to be compromised. Breaches, on the other hand, are only those incidents in which data was actually compromised. My bias is to look at the breach data because incidents are a dime-a-dozen whereas breaches are where the rubber meets the road.

For an overview that includes an industry sector perspective, my favorite section of the DBIR is this set of matrices in ‘Victim Demographics and Industry Analysis.’

This visual representation provides you with the ability to quickly identify outliers and problem areas in ways that are meaningful. For example, you can see plainly that ‘hacking’ is an action that broadly impacts the industry sectors across both incidents and breaches. As a target, servers are also, broadly, the assets most impacted.

You also might notice the significant contrast between incidents and breaches around the pattern of denial of service. (Read more...)