
9 Ways Organizations Sabotage Their Own Security: Lessons from the Verizon DBIR

Mistakes and missteps plague enterprise security. The Verizon 2017 Data Breach Investigations Report (DBIR) offers nuggets on what organizations must stop doing – now.
Slow response to a security incident.
Underestimating and miscalculating DDoS attack volume and potential.
User training alone isn't enough to combat phishing.
Not properly prioritizing patches.
When retailers allow users to use email or surf the Web on their PoS systems.
Not performing physical inspections of ATMs and gas pumps.
Healthcare fails to adopt encryption hygiene.
Missing cyber spies.
Education sector must school its users in security as well.

Datasets from the recent Verizon 2017 Data Breach Investigations Report (DBIR) show that some security teams still may be operating under false assumptions regarding what it takes to keep their organizations secure.

For starters, the same security standards don't apply across all vertical industries, says Suzanne Widup, a senior consultant for the Verizon RISK Team and co-author of the Verizon DBIR.

"It's not a one-size fits all situation," she says. "Look at what you have that will be stolen, how someone might steal it, and how to protect it."

The DBIR delves into what organizations are doing wrong from a security standpoint, industry by industry, as well as ways companies may be sabotaging their own security posture.

Among other things, organizations need to stop relying on usernames or email addresses and passwords, the report says, given that they are "rolling the dice" with reused passwords from other breaches. The DBIR shows that stolen or weak passwords contributed to 81% of all hacking-related breaches.

Here are other lessons learned from the DBIR data. In other words, beware of making these same security mistakes.

 