Datasets from the recent Verizon 2017 Data Breach Investigations Report (DBIR) show that some security teams still may be operating under false assumptions regarding what it takes to keep their organizations secure.
For starters, the same security standards don't apply across all vertical industries, says Suzanne Widup, a senior consultant for the Verizon RISK Team and co-author of the Verizon DBIR.
"It's not a one-size-fits-all situation," she says. "Look at what you have that will be stolen, how someone might steal it, and how to protect it."
The DBIR delves into what organizations are doing wrong from a security standpoint, industry by industry, as well as the ways companies may be sabotaging their own security posture.
Among other things, organizations need to stop relying on usernames/email addresses and passwords, the report says, given that they are "rolling the dice" with passwords reused from other breaches. The DBIR shows that stolen or weak passwords contributed to 81% of all hacking-related breaches.
Here are other lessons learned from the DBIR data. In other words, beware of making these same security mistakes.