
2014 Data Breach Investigations Report


Presentation Transcript


  1. SIMPLIFYING THE UNIVERSE OF THREATS. 2014 Data Breach Investigations Report. The universe of threats may seem limitless, but 92% of the 100,000 incidents we’ve analyzed from the last 10 years can be described by just nine basic patterns: insider misuse, physical theft and loss, payment card skimmers, miscellaneous errors, web-app attacks, DoS attacks, point-of-sale intrusions, crimeware, and cyber-espionage. Conducted by Verizon with contributions from 50 organizations from around the world.
  2. 2014 DBIR by the numbers
  3. Incidents that 50 global contributors investigated form the basis of the research
  4. DBIR 2014 Contributors
  5. The DBIR uses the VERIS framework for data collection and analysis. Actor: Who did it? Action: How’d they do it? Asset: What was affected? Attribute: How was it affected? Documentation, classification examples, enumerations: http://veriscommunity.net/
  6. Decade of DBIR: 4,217 data breaches over 10 years
  7. Internal and partner threat actors are fairly consistent; external ones are increasing
  8. Evolving motives
  9. Increased threat diversity reflects both better sharing and real trends
  10. 5 Years of Threat Actions: Phishing
  11. Phishing Success Rates
  12. Assets
  13. Data Variety
  14. Attackers are faster than defenders, and the gap is widening
  15. Law enforcement and third parties detect breaches more often; internal is still poor
  16. DBIR: A New Approach. Data Analytics with Data Breaches
  17. Last year, we noticed most breaches fit into patterns
  18. 9 Incident Classification Patterns: Misuse, Error, DoS, Espionage, Theft/Loss, Crimeware, Skimmers, Web App, Point of Sale
  19. The nine patterns: comparing data breaches to security incidents
  20. Patterns over time
  21. Incident Classification Pattern Reports
  22. The frequency of patterns in an industry supports specific recommendations
  23. Incident Classification Pattern Recommendations
  24. Incident Pattern Recommendations Mapped to Critical Security Controls
  25. Critical Security Control Mapping Prioritized by Industry
  26. Conclusion: Incidents, industries, and controls
  27. Seven Key Recommendations: Be vigilant and cover the basics. Make your people your first line of defense. Keep data on a ‘need to know basis’. Patch promptly. Encrypt sensitive data. Use two-factor authentication. Don’t forget physical security.
  28. Additional information is available. Download: www.verizonenterprise.com/dbir VERIS: www.veriscommunity.net Email: DBIR@verizon.com Twitter: @vzdbir and hashtag #dbir Blog: http://www.verizonenterprise.com/security/blog/
  29. Verizon: A Trusted Security Partner