• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
2012 DBIR
 

2012 DBIR

on

  • 413 views

 

Statistics

Views

Total Views
413
Views on SlideShare
413
Embed Views
0

Actions

Likes
0
Downloads
0
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment
  • This is the “see everything in one glance” visual. See pg 15 in the DBIR for talking points.

2012 DBIR 2012 DBIR Presentation Transcript

  • 2012 Data BreachInvestigations Report A study conducted by the Verizon RISK Team with cooperation from the Australian Federal Police, Dutch National High Tech Crime Unit, Irish Reporting &Information Security Service, Police Central e-Crime Unit, and United States Secret Service.
  • Data Breach Investigations Report (DBIR) series An ongoing study into the world of cybercrime that analyzes forensic evidence to uncover how sensitive data is stolen from organizations, who’s doing it, why they’re doing it, and, of course, what might be done to prevent it.Available at: http://verizonbusiness.com/databreachUpdates/Commentary: http://securityblog.verizonbusiness.com
  • Hold on… Wha???Why is my telco investigating breaches?
  • Enterprise Solutions to Meet Business Imperatives Communications Networking IT Services Security Services Mobility Services Services• Cloud-based Services • Government, Risk and • Contact Center • Internet • Advanced Compliance Services Communications• Data Center Services • Private WAN • Identity and Access • Unified • Applications and• Managed Applications • Private Point to Point Management Communications Content• Managed IT • Access Services • Managed Security • Video, Web and Audio • Global• Equipment and Conferencing • Managed Networks Communications • Equipment and Services Services • Traditional Voice • Equipment and • Hardware• Professional Services Services • ICSA Labs • Emergency • Mobile Data Communications • Professional Services • Professional Services • Voice and Messaging Services • Professional Services • Equipment and Services RISK Team • Professional Services falls here
  • 2012 DBIR Contributors
  • Methodology: Data Collection and Analysis• DBIR participants use the Verizon Enterprise Risk and Incident Sharing (VERIS) framework to collect and share data.• Enables case data to be shared anonymously to RISK Team for analysisVERIS is a (open and free) set of metrics designed to provide a commonlanguage for describing security incidents (or threats) in a structured andrepeatable manner.VERIS: https://verisframework.wiki.zoho.com/
  • Unpacking the 2012 DBIRAn overview of our results and analysis
  • Threat Agents
  • Threat Agents: Larger Orgs
  • Threat Agents
  • Threat Agents: External
  • Threat Actions
  • Threat Actions: Larger Orgs
  • Top Threat Actions
  • Top Threat Actions: Larger Orgs
  • Compromised Assets
  • Most Compromised Assets
  • Asset Ownership, Hosting, and Management
  • Compromised Data
  • Compromised Data
  • Attack Difficulty
  • Attack Targeting
  • The 3-Day Workweek
  • Timespan of events
  • Timespan of events: Larger Orgs
  • Breach Discovery
  • Breach Discovery
  • Recommendations: Smaller Orgs
  • Recommendations: Larger Orgs
  • DBIR: www.verizonbusiness.com/databreachVERIS: https://verisframework.wiki.zoho.com/Blog: securityblog.verizonbusiness.comEmail: dbir@verizonbusiness.com