The Verizon Data Breach Investigations Report comes out every year, and there is always a scramble to inspect and interpret the data. The report is, as always, rich in data and already contains a whole series of analyses, so there are really only a few ways to add value to the conversation. Industry commentators may choose to disagree with the analysis, to extend part of the data, or to draw out specific points for emphasis.
I always find specific value in the more detailed analysis per sector. The general themes & trends don't usually vary that much, but the detail in the industry is more topical.
First, it seems obvious, but it is important to understand the distinction between incidents and breaches in the DBIR. There are quite a lot of nice charts and graphs, but they mean very different things, depending on which of these two categories they apply to.
Incidents include almost everything that has been reported, regardless of whether it has been confirmed that data was compromised. Breaches, on the other hand, are only those incidents where data has actually been compromised. My bias is to look at the breach data, because incidents are a dime a dozen, while breaches are where the rubber hits the road.
For an overview with a sector perspective, my favorite part of the DBIR is the set of matrices in 'Victim Demographics and Industry Analysis'.
This visual representation allows you to quickly identify outliers and problem areas in ways that make sense. For example, you can clearly see that 'hacking' is an action that has a broad impact across industries in both incidents and breaches. As a general rule, servers are also the assets that are most affected.
You can also notice the significant contrast between incidents and breaches around the denial of service pattern. Quite simply, DoS is the primary pattern for the majority of incidents, but not breaches. You also see similarities between the two with 'hacking' and 'servers'.
These are examples where the characteristics of incidents and breaches are comparable. In other words, investments in protection against hacking and in security for your servers are likely to reduce both incidents and breaches, but DoS protections have little impact on breaches.
Of course, the real value in this view is around the specific industry sectors. For example, if you are in retail, be sure to pay attention to how you protect your web applications, how you protect against hacking, and how you protect your servers. It would also not be a bad idea to have a malware protection strategy.
If you are in the public sector, you should be more concerned with cyber espionage and hacking, and perhaps with people slightly more than with servers. You can see that the conclusions differ considerably when comparing the retail and public sectors. It may seem intuitive that retail does not have to worry so much about cyber espionage, but focusing on people as the targeted assets in the public sector can make a big difference in the way budget is applied.
Healthcare has the most problems with miscellaneous errors, a deviation from most other sectors. Privilege abuse, which you could see as a related issue, is also not far behind. The healthcare data also clusters in an interesting way, with the top three actions consisting of hacking, social engineering and abuse.
If you look at the health care system as a whole, you can draw some useful conclusions about how budget should be applied, in particular to technology and data access processes.
As you may have noticed, this type of sector-specific analysis is invaluable in budget discussions. There is more of this detail in the individual sections dedicated to each sector, and they are worth reading if you have a specific interest. This particular view can also help generate that interest.
As I said at the beginning, there is a lot of useful data and analysis in the DBIR. It is important to remember what you are trying to achieve by dissecting it. A targeted reading is a good strategy.
Click here to read the full DBIR report.