Available at: https://enterprise.verizon.com/resources/reports/dbir/
Key report takeaways:
- Financial (fraud, theft, extortion) and Espionage are the top two motives identified behind the breaches studied, together representing almost 90% of the sample.
- Hacking, malware and social attacks are the 3 most common means identified, with targeted attacks (Fraud) on C-level executives showing the sharpest rise.
- There are no safe havens. Organizations of all sizes, in all industries, have been breached, lost data and suffered financial or reputational harm as a result. You would think this would be common knowledge by this point, but there are still executives who live with their heads in the sand, thinking, “We have nothing to steal and it won’t happen to us!”
- Ransomware (Extortion) represents nearly 24% of the incidents studied, and it occurred across organizations of all sizes and in all industries.
- “Many breaches are a result of poor security hygiene and a lack of attention to detail.” Could not have said it better myself.
The DBIR mirrors, in a looser fashion, the Heuristic Security risk structure of threat actors, motives and means. The details provided highlight the need to focus security investments on relevant threats: both those occurring across all industries and those more focused on particular industries because of the assets that attackers desire. Don’t fall into the trap of attempting to boil the ocean. Focus first on implementing (and maintaining) the most effective countermeasures to the most likely threats to your business.