On May 13, Verizon released its Data Breach Investigations Report (DBIR) 2021. This annual publication serves many purposes. It provides context on what security analysts are seeing, for instance. But it also affects organizations’ security postures at an even higher level.

Here’s Anthony Israel-Davis, research and development manager at Tripwire, with more:

One thing that the DBIR does is it takes the things that are going on in the cybersecurity space, particularly with breaches and incidents, and breaks them down into something that is both interesting to look at from a statistics standpoint but then actionable to various industries or people who are actually doing the work to defend the enterprise. At a very high level, if you are a cybersecurity analyst and you’re in the trenches, this might be old news, but if you are doing strategy, if you’re trying to determine what to do in your space, this is a great report to understand what’s going on out there—especially year to year.

Of course, there are only so many initiatives that organizations can take on each year. Organizations therefore need to be strategic about what security priorities they elect to pursue. This reality raises some interesting questions. What if they don’t know which security objectives to take up? What if they’re looking to maximize the latest DBIR’s findings for the year ahead?

If organizations find themselves in that position, they can develop a multi-part strategy that focuses on some or all of the following five objectives.

Objective #1: Create a Phishing Awareness Program

In its DBIR 2021, Verizon explained that phishing continued its reign as one of the top Action varieties in breaches. But it also noted that phishing was more prevalent in 2020, accounting for 36% of breaches. That’s up from 25% a year prior, an