• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
2012 DBIR

2012 DBIR






Total Views
Views on SlideShare
Embed Views



0 Embeds 0

No embeds



Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
Post Comment
Edit your comment
  • This is the “see everything in one glance” visual. See pg 15 in the DBIR for talking points.

2012 DBIR 2012 DBIR Presentation Transcript

  • 2012 Data BreachInvestigations Report A study conducted by the Verizon RISK Team with cooperation from the Australian Federal Police, Dutch National High Tech Crime Unit, Irish Reporting &Information Security Service, Police Central e-Crime Unit, and United States Secret Service.
  • Data Breach Investigations Report (DBIR) series An ongoing study into the world of cybercrime that analyzes forensic evidence to uncover how sensitive data is stolen from organizations, who’s doing it, why they’re doing it, and, of course, what might be done to prevent it.Available at: http://verizonbusiness.com/databreachUpdates/Commentary: http://securityblog.verizonbusiness.com
  • Hold on… Wha???Why is my telco investigating breaches?
  • Enterprise Solutions to Meet Business Imperatives Communications Networking IT Services Security Services Mobility Services Services• Cloud-based Services • Government, Risk and • Contact Center • Internet • Advanced Compliance Services Communications• Data Center Services • Private WAN • Identity and Access • Unified • Applications and• Managed Applications • Private Point to Point Management Communications Content• Managed IT • Access Services • Managed Security • Video, Web and Audio • Global• Equipment and Conferencing • Managed Networks Communications • Equipment and Services Services • Traditional Voice • Equipment and • Hardware• Professional Services Services • ICSA Labs • Emergency • Mobile Data Communications • Professional Services • Professional Services • Voice and Messaging Services • Professional Services • Equipment and Services RISK Team • Professional Services falls here
  • 2012 DBIR Contributors
  • Methodology: Data Collection and Analysis• DBIR participants use the Verizon Enterprise Risk and Incident Sharing (VERIS) framework to collect and share data.• Enables case data to be shared anonymously to RISK Team for analysisVERIS is a (open and free) set of metrics designed to provide a commonlanguage for describing security incidents (or threats) in a structured andrepeatable manner.VERIS: https://verisframework.wiki.zoho.com/
  • Unpacking the 2012 DBIRAn overview of our results and analysis
  • Threat Agents
  • Threat Agents: Larger Orgs
  • Threat Agents
  • Threat Agents: External
  • Threat Actions
  • Threat Actions: Larger Orgs
  • Top Threat Actions
  • Top Threat Actions: Larger Orgs
  • Compromised Assets
  • Most Compromised Assets
  • Asset Ownership, Hosting, and Management
  • Compromised Data
  • Compromised Data
  • Attack Difficulty
  • Attack Targeting
  • The 3-Day Workweek
  • Timespan of events
  • Timespan of events: Larger Orgs
  • Breach Discovery
  • Breach Discovery
  • Recommendations: Smaller Orgs
  • Recommendations: Larger Orgs
  • DBIR: www.verizonbusiness.com/databreachVERIS: https://verisframework.wiki.zoho.com/Blog: securityblog.verizonbusiness.comEmail: dbir@verizonbusiness.com