Key Lessons from the 2016 Verizon Data Breach Incident Report


The annual Data Breach Incident Report (DBIR) is out and reinforcing the value of well-established cybersecurity practices.  The good folks at Verizon Enterprise have once again published one of the most respected annual reports in the security industry, the DBIR. 

The report sets itself apart with the author intentionally avoiding unreliable ‘survey’ data and instead striving to truly communicate what is actually happening across the cybersecurity breach landscape.  The perception of security typically differs greatly from reality, so this analysis provides some of the most relevant lessons for the field.

Report data is aggregated from real incidents that the company’s professional security services have responded to for external customers.  Additionally, a large number of security partners now also contribute data for the highly respected report.  Although this is not comprehensive across the industry, it does provide a unique and highly-valuable viewpoint, anchored in real incident response data.

Many of the findings support long-standing opinions on the greatest cybersecurity weaknesses and best practices.  Which is to say, I found nothing too surprising and it does reinforce the current directions for good advice.

Key Report Findings

1. Human Weaknesses

30% of phishing messages were opened by their intended victim

12% of those targets took the next step to open the malicious attachment or web link

2. Ransomware Rises

39% of crime-ware incidents were ransomware

3. Money for Data

95% of data breaches were motivated by financial gain

4. Attackers Sprint, Defenders Crawl

In 93% of data breaches, the compromise took place in minutes

83% of victims took more than a week to detect breaches

5. Most of the Risk is from a Few Vulnerabilities

85% of successful exploit traffic was attributed to the top 10 CVE vulnerabilities.  Although difficult to quantify and validate, it’s clear that top vulnerabilities should be prioritized.

Key Lessons to Apply

1. Train users.  Users with permissions and trust are still the weakest link.  Phishing remains a highly effective way for attackers to exploit poorly trained users and gain access.

2. Protect financially-valuable data from confidentiality, integrity, and availability attacks.  Expect attacks and be prepared to respond and recover.

3. Speed up detection capabilities.  Defenders must keep pace with attackers.  When preventative controls fail, it is imperative to quickly detect the exploit and maneuver to minimize overall impact.

4. Patch top vulnerabilities in operating systems, applications, and firmware.  Patch quickly or suffer.  It is a race; treat it as such.  Prioritize the work based upon severity ranking.  Serious vulnerabilities should not languish for months or years!

This is just a quick review.  The report contains much more information and insights.

I recommend reading the Executive Summary or the full DBIR Report.

Interested in more?  Follow me on Twitter (@Matt_Rosenquist) and LinkedIn to hear insights and what is going on in cybersecurity.

Matthew Rosenquist

About Matthew Rosenquist

Matthew Rosenquist is a Cybersecurity Strategist for Intel Corp and benefits from 20+ years in the field of security. He specializes in strategy, measuring value, and developing cost effective capabilities and organizations which deliver optimal levels of security. Matthew helped with the formation of the Intel Security Group, an industry leading organization bringing together security across hardware, firmware, software and services. An outspoken advocate of cybersecurity, he strives to advance the industry and his guidance can be heard at conferences, and found in whitepapers, articles, and blogs.