5 Things You Probably Missed In The Verizon DBIR
A look at a few of the lesser-noticed but meaty nuggets in the annual Verizon Data Breach Investigations Report (DBIR).
June 25, 2015
![](https://eu-images.contentstack.com/v3/assets/blt6d90778a997de1cd/bltcf31cb347f9a16a9/64f0dc25bfd287f23d609720/DBIRSS1.png?width=700&auto=webp&quality=80&disable=upscale)
If you're still digesting this year's massive Verizon Data Breach Investigations Report (DBIR), you're not alone. The super-sized 2015 DBIR came with the usual popular data and rare insight on real-world incidents and breach cases, but with the addition of loads of data contributed by 70 other organizations from around the world.
Unless you've been combing the DBIR regularly since it was published in April, there's a good chance you missed a few things in it. Marc Spitler, co-author of the DBIR and senior risk analyst with Verizon, joined Dark Reading Radio yesterday and shared some of the report's lesser-noticed or less-publicized nuggets.
So grab your copy of the DBIR, and follow along to see what key research points you may have missed. Consider it a little summer reading for the beach.
Image: Verizon
Humans Are Still The Weakest Link--But There's A Silver Lining For Your Playbook
Everyone knows you can't patch a human. And Verizon's report showed that 23% of users open phishing messages, and 11% of them actually click on the attachments. About 50% open a phish and click on a link in the email within the first hour of an attack campaign.
You'll never stop all users from falling for a phish or other lure, Spitler says. "But we should also rejoice that 89% didn't" interact with a lure, he says.
Spitler says the findings reinforce the need for a "human sensor network," where if users see something, they can say something. "You have to have an established process and procedure if someone identifies something fishy--pun intended--so they know what they should do, who they should contact," he says.
Ideally, they would be able to click on a button if they spot something, and the appropriate person is automatically alerted.
In a Hurry? Start Here
Go to Figure 29 in the DBIR and bookmark it.
"If I had 5 minutes to do something with [the DBIR], I would go right to Figure 29," Spitler says.
"Take a look at your industry" and check the incident classification patterns there, he says.
So an accommodations business could see right away that 91% of attacks came via POS intrusions, for example.
"That's obviously something occurring in the real world at a very high rate for organizations like me," he says of the data.
Spitler says this matrix gives organizations a quick read on the real attacks that are happening in their industry, so they can make adjustments accordingly. "This is one of the most actionable figures we've ever had in the DBIR," he says.