The 2012 Data Breach Investigations Report is a study conducted by Verizon with law enforcement agencies from several countries that analyzes data breaches to understand how data is stolen, who is responsible, their motives, and how to prevent future breaches. The report finds that external actors carried out most breaches, the most common threat actions were hacking and malware, and compromised credentials were the most common type of stolen data. It provides recommendations for organizations to strengthen security practices to reduce the risk of data breaches.

1. 2012 Data Breach
Investigations Report
A study conducted by the Verizon RISK Team with
cooperation from the Australian Federal Police, Dutch
National High Tech Crime Unit, Irish Reporting &
Information Security Service, Police Central e-Crime Unit,
and United States Secret Service.

2. Data Breach Investigations Report (DBIR) series
An ongoing study into the
world of cybercrime that
analyzes forensic evidence to
uncover how sensitive data is
stolen from organizations,
who’s doing it, why they’re
doing it, and, of course, what
might be done to prevent it.
Available at: http://verizonbusiness.com/databreach
Updates/Commentary: http://securityblog.verizonbusiness.com

3. Hold on… Wha???
Why is my telco investigating breaches?

4. Enterprise Solutions to Meet Business Imperatives
Communications Networking
IT Services Security Services Mobility
Services Services
• Cloud-based Services • Government, Risk and • Contact Center • Internet • Advanced
Compliance Services Communications
• Data Center Services • Private WAN
• Identity and Access • Unified • Applications and
• Managed Applications • Private Point to Point
Management Communications Content
• Managed IT • Access Services
• Managed Security • Video, Web and Audio • Global
• Equipment and Conferencing • Managed Networks Communications
• Equipment and
Services
Services • Traditional Voice • Equipment and • Hardware
• Professional Services Services
• ICSA Labs • Emergency • Mobile Data
Communications • Professional Services
• Professional Services • Voice and Messaging
Services
• Professional Services
• Equipment and
Services
RISK Team • Professional Services
falls here

5. 2012 DBIR Contributors

6. Methodology: Data Collection and Analysis
• DBIR participants use the
Verizon Enterprise Risk and
Incident Sharing (VERIS)
framework to collect and
share data.
• Enables case data to be
shared anonymously to RISK
Team for analysis
VERIS is a (open and free) set of metrics designed to provide a common
language for describing security incidents (or threats) in a structured and
repeatable manner.
VERIS: https://verisframework.wiki.zoho.com/

7. Unpacking the 2012 DBIR
An overview of our results and analysis

9. Threat Agents

10. Threat Agents: Larger Orgs

11. Threat Agents

12. Threat Agents: External

13. Threat Actions

14. Threat Actions: Larger Orgs

15. Top Threat Actions

16. Top Threat Actions: Larger Orgs

17. Compromised Assets

18. Most Compromised Assets

19. Asset Ownership, Hosting, and Management

20. Compromised Data

21. Compromised Data

22. Attack Difficulty

23. Attack Targeting

24. The 3-Day Workweek

25. Timespan of events

26. Timespan of events: Larger Orgs

27. Breach Discovery

28. Breach Discovery

30. Recommendations: Smaller Orgs

31. Recommendations: Larger Orgs

32. DBIR: www.verizonbusiness.com/databreach
VERIS: https://verisframework.wiki.zoho.com/
Blog: securityblog.verizonbusiness.com
Email: dbir@verizonbusiness.com