This report analyzes data from over 500 security breach incidents between 2010-2011 involving more than 174 million compromised records. The key findings include:
- External threat agents such as criminal groups were responsible for 98% of breaches and over 99% of compromised records.
- Malware infections were the most common threat action, making up 69% of breaches and accounting for the theft of 95% of all compromised records.
- Small and medium sized businesses suffered the majority (81%) of breaches, with large corporations accounting for only 16% of incidents.
Rp data breach-investigations-report-2013-en_xg - Комсс Файквэе
This document is the table of contents for the 2013 Data Breach Investigations Report, which analyzes data breaches from various organizations. The report includes sections on methodology, results and analysis, demographics of breached organizations, threat actors like external and internal parties, threat actions like hacking and malware, compromised assets and data, attack targeting and difficulty, breach timelines, and discovery methods.
Aon’s 2015 Global Risk Management Survey is designed to offer organizations the insights necessary to compete in this increasingly complex operating environment.
The document provides an introduction and overview of the Plumas County General Plan update process. It outlines the goals of the process, which include preserving the natural environment and cultural/historical resources while supporting economic development. It also gives background on Plumas County's history and landscapes. The briefing report aims to provide context and baseline information to inform the public engagement process for the General Plan update.
War Comes Home: The Excessive Militarization of American Police - Report- Mark - Fullbright
Company names mentioned herein are the property of, and may be trademarks of, their respective owners and are for educational purposes only.
17 U.S. Code § 107 - Limitations on exclusive rights: Fair use
Notwithstanding the provisions of sections 106 and 106A, the fair use of a copyrighted work, including such use by reproduction in copies or phonorecords or by any other means specified by that section, for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright.
The role of banks in financing the agriculture and livestock sectors - Sept 2016 - Vipul Arora
This document is a report on the role of banks in financing the agriculture and livestock sectors. It provides an executive summary and then details the methodology used for the study, which involved researching banks in multiple countries. The report contains a global analysis section that provides key quantitative data on banks' exposure to agriculture. It also evaluates banks' policies for the agriculture sector and their ties to controversial companies. Finally, the report analyzes individual countries, assessing the agricultural lending trends and performance of banks in countries like Belgium, Brazil, France, Germany, Indonesia and Japan.
This document is the 2014 Global Report from the Global Entrepreneurship Monitor (GEM). It provides an overview of entrepreneurship trends and conditions around the world based on data collected through GEM's methodology. Key findings include assessments of social attitudes toward entrepreneurship, levels of individual entrepreneurial attributes and activities, and the state of national entrepreneurship ecosystems based on expert surveys. The report aims to help policymakers and others understand entrepreneurship and use GEM data to shape entrepreneurship policies and programs.
Social Safety Nets and Gender - Learning from Impact Evaluations and World Ban... - Segen Moges
This document discusses social safety net programs and how they impact men and women. It analyzes impact evaluations and World Bank projects to understand outcomes. The document presents a framework for analyzing social safety nets and their gender impacts. It reviews results from impact evaluations on outcomes for women/men and girls/boys. It also discusses efficiency. Finally, it examines trends in how the World Bank has integrated gender considerations into its social safety net projects.
This document presents a joint initiative between the European Telecommunications Network Operators' Association (ETNO) and the World Wildlife Fund (WWF) to create a roadmap for reducing CO2 emissions in the EU and beyond using information and communication technologies. The roadmap proposes strategies for deploying ICT services to replace travel, enable de-materialization, support sustainable community planning, and aims to reduce CO2 emissions by 50 million tonnes per year by 2010.
This document provides a 10-year forecast of market demand for suborbital reusable vehicles (SRVs). It was jointly funded by the FAA Office of Commercial Space Transportation and Space Florida. The study defines different SRV market segments and provides forecasts for each segment, including commercial human spaceflight, research, technology demonstration, media/public relations, education, satellite deployment, remote sensing, and point-to-point transportation. Overall demand forecasts indicate several thousand SRV flights could occur within the next decade, generating hundreds of millions of dollars in revenue, if vehicle development and costs progress as expected.
The report provides a summary of the inspection of a home located at 1234 Any Street in Vacaville, California. Issues identified include needed repairs to missing downspouts, evaluation of an inadequately attached patio cover, plumbing repairs in the crawlspace, and servicing of the chimney flue. Safety issues such as replacing smoke detector batteries and repairing an open grounded outlet are also noted.
This document discusses poverty in Africa. It provides an overview of the types and quality of data available for measuring poverty on the continent. While data has improved, limitations still exist. The poor quality and limited availability of data pose challenges for accurately assessing poverty trends. The document also examines poverty from a non-monetary perspective, looking at indicators like health, education and living standards. Measuring multiple deprivations provides a more comprehensive view of poverty. Inequality in Africa is also discussed, including trends, unequal opportunities, and the rise of extreme wealth. Improving and expanding the data is key to better understanding and addressing poverty in the region.
This document outlines the policy wording for Zurich Business Insurance. It includes information about Zurich as the insurer, the insured's legal agreement with Zurich, general information and exclusions that apply to the policy, procedures for claims, and coverage details for various types of business insurance policies (e.g. property, business interruption, theft, money, machinery). It provides the terms and conditions of the insurance contracts between Zurich and its business customers.
This document provides an outline for the course MBA 604 Introduction to Probability and Statistics. It lists 11 topics that will be covered in the course, including data analysis, probability, random variables, sampling distributions, estimation, hypothesis testing, regression, and analysis of variance. The course is taught by Muhammad El-Taha in the Department of Mathematics and Statistics at the University of Southern Maine.
Pluripotent stem-cell-handbook-from-nature-and-thermoscience - Amira M. Heniedy
This document is a handbook about pluripotent stem cells. It contains sections on reprogramming cells into a pluripotent state, engineering pluripotent stem cells using tools like CRISPR-Cas9 and TALENs, culturing pluripotent stem cells in feeder-dependent and feeder-free systems, differentiating pluripotent stem cells into various cell types, and characterizing pluripotent stem cells and their differentiated progeny. The handbook provides information and protocols for working with pluripotent stem cells from initial reprogramming through differentiation and characterization.
Health Impact Assessment of the Shell Chemical Appalachia Petrochemical Complex - Marcellus Drilling News
A so-called Health Impact Assessment from the anti-drilling Clean Air Council of Philadelphia with loads of expensive proposals for Shell should they continue on their quest to build a $2-$3 billion ethane cracker near Pittsburgh.
Report wall street bank involvement with physical commodities (11-18-14) - Ruslan Sivoplyas
The Permanent Subcommittee on Investigations has scheduled a two-day hearing, “Wall Street Bank Involvement With Physical Commodities,” on Thursday, November 20 and Friday, November 21, 2014.
After a two-year bipartisan investigation, the subcommittee will hold a hearing examining the extent to which banks and their holding companies own physical commodities like oil, natural gas, aluminum and other industrial metals, as well as own or control businesses like power plants, oil and gas pipelines, and commodity warehouses.
This document discusses the health and economic impacts of air pollution. It finds that air pollution poses significant threats to both human health and economic prosperity worldwide. Exposure to ambient (outdoor) air pollution and household air pollution from cooking with solid fuels causes millions of premature deaths annually. The economic costs of air pollution are also substantial, resulting in the loss of trillions of dollars worldwide each year in reduced economic output and welfare. While some regions have made progress in reducing indoor air pollution, ambient air pollution exposure continues to increase in many areas as economies develop. Stronger action is needed to address both indoor and outdoor air pollution to improve health outcomes and drive sustainable economic growth.
This document discusses the management of ingrown toenails, including:
- An overview of the surgical anatomy of the nail unit.
- Guidelines for pre-operative consultation, instrumentation, anesthesia, dressings, and post-operative management of ingrown toenail surgery.
- Details on the definition, pathogenesis, risk factors, classification, and scoring of ingrown toenails.
- Descriptions of conservative and surgical treatment options for ingrown toenails.
This document provides an overview of spectrum analysis and spectrum analyzer fundamentals. It discusses topics such as the frequency domain versus time domain, why spectra are measured, types of measurements and signal analyzers. It also covers the basic components and functioning of spectrum analyzers, including RF attenuators, filters, tuning, detectors, displays and more. Modern developments like digital IF and application-specific measurements are also summarized.
Think of epilepsy as an electrical storm in the brain. This abnormal brain activity causes seizures, unusual behavior or sensations, or a loss of awareness.
Most of the 50 million people who have it can live seizure-free if they take inexpensive, effective medicines. But 80% of people with epilepsy live in low- and middle-income countries, where three-quarters of them lack treatment, according to a new WHO global report on epilepsy.
The report is produced by WHO in collaboration with the International League Against Epilepsy (ILAE) and the International Bureau for Epilepsy (IBE).
This document provides guidance for law enforcement on partnering with other organizations to help drug endangered children. It discusses the roles that law enforcement, child welfare, medical providers, behavioral health treatment providers, prosecutors, and civil attorneys play in protecting children. The document emphasizes the importance of collaboration between these groups to ensure the safety and well-being of children living with substance abuse.
This document discusses applying technology to address challenges in the global refugee crisis. It examines the roles and responsibilities of various entities involved in using or contributing to technology for refugees, including refugees themselves, aid agencies, host countries, donors, technology companies, and research organizations. It also explores how technology is currently used in refugee settings for internet access, communication, information, education, employment, aid management, and identity issues. The document aims to inform organizations assisting refugees on the effective and ethical use of technology.
What Every CISO Needs to Know About Cyber Insurance - Symantec
This whitepaper provides information for CISOs on cyber insurance. It covers the evolving cyber threat landscape, recent legislative and regulatory updates, an overview of cyber insurance including what it covers and considerations for determining appropriate coverage levels. It also discusses the roles of privacy attorneys, insurance brokers, and crisis communications specialists in responding to cyber incidents. Sections provide guidance on avoiding litigation after a breach, notifying law enforcement, and choosing incident response vendors. The whitepaper aims to help CISOs understand cyber insurance and prepare for and respond to cyber incidents.
This document discusses the cyber threats facing the US national security supply chain. It notes that cyber threats present an unprecedented asymmetric threat. The global supply chain has become highly dependent on information technology and cyber networks, making it vulnerable to cyber attacks. Several sections discuss assessing the threat and securing the supply chain against cyber risks. It recommends a partnership between government and private industry to address these challenges through policy, technology, education and international cooperation.
This document is the Appraisal District Director's Manual published by the Texas Comptroller of Public Accounts. It provides information about governance of appraisal districts, duties and responsibilities of appraisal district boards of directors, appointing and duties of chief appraisers and appraisal review boards, and financial affairs of appraisal districts. The manual is intended as a general resource and does not constitute legal advice. Questions about property tax law should be directed to legal counsel.
Group Violence Intervention: Implementation Guide - Patricia Hall
This document provides an implementation guide for Group Violence Intervention (GVI), a strategy that aims to reduce group-related violence. The guide discusses establishing an executive committee and working group to oversee GVI efforts. It also covers developing a communications strategy, assessing the local violence problem through a group audit and incident review process, and implementing call-in sessions to communicate messages to groups involved in violence.
This document discusses harnessing the Internet of Things (IoT) for global development. It defines the IoT and how it is emerging through connectivity of physical objects via sensors and networks. The IoT can benefit several development sectors such as healthcare, water/sanitation, agriculture, climate resilience, and energy access. However, challenges to deploying the IoT in developing countries include technical issues, lack of policies and standards, security/privacy concerns, and limited infrastructure. The document provides recommendations to support the IoT, including expanding connectivity and coordinating stakeholders.
The document is a report from Arbor Networks that analyzes data from a survey of over 500 network operators regarding infrastructure security threats in 2011. Some key findings include:
- Distributed denial-of-service (DDoS) attacks were considered the most significant operational threat. Application-layer DDoS attacks using HTTP floods were most common.
- The largest reported DDoS attacks exceeded 100 Gbps in bandwidth. Major online gaming and gambling sites were frequently targeted.
- Most respondents experienced multiple DDoS attacks per month and detected increased awareness of the DDoS threat over the previous year.
- Network traffic detection, classification, and event correlation tools were commonly used to identify attacks and trace sources. DDo
This document evaluates the Strategic Decision Support Centers (SDSCs) implemented by the Chicago Police Department.
The SDSCs are real-time crime centers located in each police district that bring together staff, technologies, and data to support policing operations and strategic decision-making. The evaluation assessed SDSC operations, technologies, and the impact on crime rates.
The evaluation found that the SDSCs functioned as intended by facilitating communication and information sharing. Technologies like ShotSpotter, police cameras, and mapping tools supported response to crimes and monitoring of areas. Statistical analyses estimated that SDSCs were associated with moderate reductions in total crime rates of 5-10% in their respective districts.
The evaluation found that the SDSCs functioned as intended by facilitating communication and information sharing. Technologies like gunshot detection systems and video feeds provided timely data to police. Crime analysis supported strategic planning. However, opportunities for improvement were identified, such as better integrating technologies and standardizing processes across districts.
Statistical analysis found that monthly crime counts, including homic
2. 2012 Data Breach Investigations Report
A study conducted by the Verizon RISK Team with cooperation from the Australian Federal Police, Dutch National High Tech Crime Unit, Irish Reporting and Information Security Service, Police Central e-Crime Unit, and United States Secret Service.
4. Executive Summary
2011 will almost certainly go down as a year of civil and cultural uprising. Citizens revolted, challenged, and even overthrew their governments in a domino effect that has since been coined the "Arab Spring," though it stretched beyond a single season. Those disgruntled by what they perceived as the wealth-mongering "1%" occupied Wall Street along with other cities and venues across the globe. There is no shortage of other examples.

This unrest that so typified 2011 was not, however, constrained to the physical world. The online world was rife with the clashing of ideals, taking the form of activism, protests, retaliation, and pranks. While these activities encompassed more than data breaches (e.g., DDoS attacks), the theft of corporate and personal information was certainly a core tactic. This re-imagined and re-invigorated specter of "hacktivism" rose to haunt organizations around the world. Many, troubled by the shadowy nature of its origins and proclivity to embarrass victims, found this trend more frightening than other threats, whether real or imagined. Doubly concerning for many organizations and executives was that target selection by these groups didn't follow the logical lines of who has money and/or valuable information. Enemies are even scarier when you can't predict their behavior.

It wasn't all protest and lulz, however. Mainline cybercriminals continued to automate and streamline their method du jour of high-volume, low-risk attacks against weaker targets. Much less frequent, but arguably more damaging, were continued attacks targeting trade secrets, classified information, and other intellectual property. We certainly encountered many faces, varied tactics, and diverse motives in the past year, and in many ways, the 2012 Data Breach Investigations Report (DBIR) is a recounting of the many facets of corporate data theft.

855 incidents, 174 million compromised records.

This year our DBIR includes more incidents, derived from more contributors, and represents a broader and more diverse geographical scope. The number of compromised records across these incidents skyrocketed back up to 174 million after reaching an all-time low (or high, depending on your point of view) in last year's report of four million. In fact, 2011 boasts the second-highest data loss total since we started keeping track in 2004.

Once again, we are proud to announce that the United States Secret Service (USSS) and the Dutch National High Tech Crime Unit (NHTCU) have joined us for this year's report. We also welcome the Australian Federal Police (AFP), the Irish Reporting & Information Security Service (IRISSCERT), and the Police Central e-Crime Unit (PCeU) of the London Metropolitan Police. These organizations have broadened the scope of the DBIR tremendously with regard to data breaches around the globe. We heartily thank them all for their spirit of cooperation, and sincerely hope this report serves to increase awareness of cybercrime, as well as our collective ability to fight it.

With the addition of Verizon's 2011 caseload and data contributed from the organizations listed above, the DBIR series now spans eight years, well over 2000 breaches, and greater than one billion compromised records. It's been a fascinating and informative journey, and we are grateful that many of you have chosen to come along for the ride. As always, our goal is that the data and analysis presented in this report prove helpful to the planning and security efforts of our readers. We begin with a few highlights below.
5. Who is behind data breaches?
98% stemmed from external agents (+6%)
4% implicated internal employees (-13%)
<1% committed by business partners (<>)
58% of all data theft tied to activist groups

No big surprise here; outsiders are still dominating the scene of corporate data theft. Organized criminals were up to their typical misdeeds and were behind the majority of breaches in 2011. Activist groups created their fair share of misery and mayhem last year as well—and they stole more data than any other group. Their entrance onto the stage also served to change the landscape somewhat with regard to the motivations behind breaches. While good old-fashioned greed and avarice were still the prime movers, ideological dissent and schadenfreude took a more prominent role across the caseload. As one might expect with such a rise in external attackers, the proportion of insider incidents declined yet again this year to a comparatively scant 4%.
How do breaches occur?

• 81% utilized some form of hacking (+31%)
• 69% incorporated malware (+20%)
• 10% involved physical attacks (-19%)
• 7% employed social tactics (-4%)
• 5% resulted from privilege misuse (-12%)

Incidents involving hacking and malware were both up considerably last year, with hacking linked to almost all compromised records. This makes sense, as these threat actions remain the favored tools of external agents, who, as described above, were behind most breaches. Many attacks continue to thwart or circumvent authentication by combining stolen or guessed credentials (to gain access) with backdoors (to retain access). Fewer ATM and gas pump skimming cases this year served to lower the ratio of physical attacks in this report. Given the drop in internal agents, the misuse category had no choice but to go down as well. Social tactics fell a little, but were responsible for a large amount of data loss.
What commonalities exist?

• 79% of victims were targets of opportunity (-4%)
• 96% of attacks were not highly difficult (+4%)
• 94% of all data compromised involved servers (+18%)
• 85% of breaches took weeks or more to discover (+6%)
• 92% of incidents were discovered by a third party (+6%)
• 97% of breaches were avoidable through simple or intermediate controls (+1%)
• 96% of victims subject to PCI DSS had not achieved compliance (+7%)

Findings from the past year continue to show that target selection is based more on opportunity than on choice. Most victims fell prey because they were found to possess an (often easily) exploitable weakness rather than because they were pre-identified for attack.

Whether targeted or not, the great majority of victims succumbed to attacks that cannot be described as highly difficult. Those that were on the more sophisticated side usually exhibited this trait in later stages of the attack after initial access was gained.

Given this, it’s not surprising that most breaches were avoidable (at least in hindsight) without difficult or expensive countermeasures. Low levels of PCI DSS adherence highlight a plethora of issues across the board for related organizations.

While at least some evidence of breaches often exists, victims don’t usually discover their own incidents. Third parties usually clue them in, and, unfortunately, that typically happens weeks or months down the road.

Did you notice how most of these got worse in 2011?
Where should mitigation efforts be focused?

Once again, this study reminds us that our profession has the necessary tools to get the job done. The challenge for the good guys lies in selecting the right tools for the job at hand and then not letting them get dull and rusty over time. Evidence shows when that happens, the bad guys are quick to take advantage of it.

As you’ll soon see, we contrast findings for smaller and larger organizations throughout this report. You will get a sense for how very different (and in some cases how very similar) their problems tend to be. Because of this, it makes sense that the solutions to these problems are different as well. Thus, most of the recommendations given at the end of this report relate to larger organizations. It’s not that we’re ignoring the smaller guys—it’s just that while modern cybercrime is a plague upon their house, the antidote is fairly simple and almost universal. Larger organizations exhibit a more diverse set of issues that must be addressed through an equally diverse set of corrective actions. We hope the findings in this report help to prioritize those efforts, but truly tailoring a treatment strategy to your needs requires an informed and introspective assessment of your unique threat landscape.

Smaller organizations
• Implement a firewall or ACL on remote access services
• Change default credentials of POS systems and other Internet-facing devices
• If a third party vendor is handling the two items above, make sure they’ve actually done them

Larger organizations
• Eliminate unnecessary data; keep tabs on what’s left
• Ensure essential controls are met; regularly check that they remain so
• Monitor and mine event logs
• Evaluate your threat landscape to prioritize your treatment strategy

Refer to the conclusion of this report for indicators and mitigators for the most common threats.
Got a question or a comment about the DBIR?
Drop us a line at dbir@verizon.com, find us on Facebook,
or post to Twitter with the hashtag #dbir.
Methodology
Based on the feedback we receive about this report, one of the things readers value most is the level of rigor and honesty we employ when collecting, analyzing, and presenting data. That’s important to us, and we appreciate your appreciation. Putting this report together is, quite frankly, no walk in the park (855 incidents to examine isn’t exactly a light load). If nobody knew or cared, we might be tempted to shave off some time and effort by cutting some corners, but the fact that you do know and do care helps keep us honest. And that’s what this section is all about.

Verizon Data Collection Methodology

The underlying methodology used by Verizon remains relatively unchanged from previous years. All results are based on first-hand evidence collected during paid external forensic investigations conducted by Verizon from 2004 to 2011. The 2011 caseload is the primary analytical focus of the report, but the entire range of data is referenced extensively throughout. Though the RISK team works a variety of engagements (over 250 last year), only those involving confirmed data compromise are represented in this report. There were 90 of these in 2011 that were completed within the timeframe of this report. To help ensure reliable and consistent input, we use the Verizon Enterprise Risk and Incident Sharing (VERIS) framework to record case data and other relevant details (fuller explanation of this to follow). VERIS data points are collected by analysts throughout the investigation lifecycle and completed after the case closes. Input is then reviewed and validated by other members of the RISK team. During the aggregation process, information regarding the identity of breach victims is removed from the repository of case data.
Data Collection Methodology for other contributors
The USSS, NHTCU, AFP, IRISSCERT, and PCeU differed in precisely how they collected data contributed for this
report, but they shared the same basic approach. All leveraged VERIS as the common denominator but used varying
mechanisms for data entry. For instance, agents of the USSS used a VERIS-based internal application to record
pertinent case details. For the AFP, we interviewed lead agents on each case, recorded the required data points,
and requested follow-up information as necessary. The particular mechanism of data collection is less important
than understanding that all data is based on real incidents and, most importantly, real facts about those incidents.
These organizations used investigative notes, reports provided by the victim or other forensic firms, and their own
experience gained in handling the case. The collected data was purged of any information that might identify
organizations or individuals involved and then provided to Verizon’s RISK Team for aggregation and analysis.
From the numerous investigations worked by these organizations in 2011, in alignment with the focus of the DBIR, the scope was narrowed to only those involving confirmed organizational data breaches.[1] The scope was further narrowed to include only cases for which Verizon did not conduct the forensic investigation.[2] All in all, these agencies contributed a combined 765 breaches for this report. Some may raise an eyebrow at the fact that Verizon’s
caseload represents a relatively small proportion of the overall dataset discussed in this report, but we couldn’t be
happier with this outcome. We firmly believe that more information creates a more complete and accurate
understanding of the problem we all collectively face. If that means our data takes a backseat in a Verizon-authored
publication, so be it; we’ll trade share of voice for shared data any day of the week.
[1] “Organizational data breach” refers to incidents involving the compromise (unauthorized access, theft, disclosure, etc.) of non-public information while it was stored, processed, used, or transmitted by an organization.
[2] We often work, in one manner or another, with these agencies during an investigation. To eliminate redundancy, Verizon-contributed data were used when both Verizon and another agency worked the same case.
While we’re on that topic, if your organization investigates or handles data breaches and might be interested in contributing to future DBIRs, let us know. The DBIR family continues to grow, and we welcome new members.
A brief primer on VERIS
VERIS is a framework designed to provide a common language for describing security incidents in a structured and repeatable manner. It takes the narrative of “who did what to what (or whom) with what result” and translates it into the kind of data you see presented in this report. Because many readers asked about the methodology behind the DBIR and because we hope to facilitate more information sharing on security incidents, we have released VERIS for free public use. A brief overview of VERIS is available on our website[3] and the complete framework can be obtained from the VERIS community wiki.[4] Both are good companion references to this report for understanding terminology and context.
Classifying Incidents Using VERIS
The Incident Classification section of the VERIS Framework translates the incident narrative of “who did what to
what (or whom) with what result” into a form more suitable for trending and analysis. To accomplish this, VERIS
employs the A4 Threat Model developed by Verizon’s RISK team. In the A4 model, a security incident is viewed as a
series of events that adversely affects the information assets of an organization. Every event is comprised of the
following elements (the four A’s):
• Agent: Whose actions affected the asset
• Action: What actions affected the asset
• Asset: Which assets were affected
• Attribute: How the asset was affected
It is our position that the four A’s represent the minimum information necessary to adequately describe any incident
or threat scenario. Furthermore, this structure provides an optimal framework within which to measure frequency,
associate controls, link impact, and many other concepts required for risk management.
If we calculate all the combinations of the A4 model’s highest-level elements (three Agents, seven Actions, five Assets, and three Attributes), 315 distinct threat events emerge. The grid in Figure 1 graphically represents these and designates a Threat Event Number (hereafter referenced by TE#) to each.[5] TE1, for instance, coincides with External Malware that affects the Confidentiality of a Server. Note that not all 315 A4 combinations are feasible. For instance, malware does not, insofar as we know, infect people…though it does make for intriguing sci-fi plots.

Turning the Incident Narrative into Metrics
As stated above, incidents often involve multiple threat events. Identifying which are in play, and using them to reconstruct the chain of events is how we model an incident to generate the statistics in this report. By way of example, we describe below a simplified hypothetical incident where a “spear phishing” attack is used to exfiltrate sensitive data and intellectual property (IP) from an organization. The flowchart representing the incident includes four primary threat events and one conditional event.[6] A brief description of each event is given along with the corresponding TE#s and A4 categories from the matrix exhibited earlier.
[3] http://www.verizonbusiness.com/resources/whitepapers/wp_verizon-incident-sharing-metrics-framework_en_xg.pdf
[4] https://verisframework.wiki.zoho.com/
[5] Some will remember that this grid showed 630 intersections as presented in the 2011 DBIR. The difference is a result of the number of security attributes depicted. While we still recognize the six attributes of the “Parkerian Hexad,” we (with input from others) have decided to use and present them in paired format (e.g., “confidentiality and possession losses”). Thus, the notions of confidentiality versus possession are preserved, but data analysis and visualization is simplified (a common request from VERIS users). More discussion around this change can be found on the Attributes section of the VERIS wiki.
[6] See the Error section under Threat Actions for an explanation of conditional events.
Figure 1. VERIS A4 Grid depicting the 315 high-level threat events

Asset / Attribute                           Malware     | Hacking     | Social      | Misuse      | Physical    | Error       | Environmental
                                            Ext Int Prt | Ext Int Prt | Ext Int Prt | Ext Int Prt | Ext Int Prt | Ext Int Prt | Ext Int Prt
Servers / Confidentiality & Possession        1   2   3 |   4   5   6 |   7   8   9 |  10  11  12 |  13  14  15 |  16  17  18 |  19  20  21
Servers / Integrity & Authenticity           22  23  24 |  25  26  27 |  28  29  30 |  31  32  33 |  34  35  36 |  37  38  39 |  40  41  42
Servers / Availability & Utility             43  44  45 |  46  47  48 |  49  50  51 |  52  53  54 |  55  56  57 |  58  59  60 |  61  62  63
Networks / Confidentiality & Possession      64  65  66 |  67  68  69 |  70  71  72 |  73  74  75 |  76  77  78 |  79  80  81 |  82  83  84
Networks / Integrity & Authenticity          85  86  87 |  88  89  90 |  91  92  93 |  94  95  96 |  97  98  99 | 100 101 102 | 103 104 105
Networks / Availability & Utility           106 107 108 | 109 110 111 | 112 113 114 | 115 116 117 | 118 119 120 | 121 122 123 | 124 125 126
User Devices / Confidentiality & Possession 127 128 129 | 130 131 132 | 133 134 135 | 136 137 138 | 139 140 141 | 142 143 144 | 145 146 147
User Devices / Integrity & Authenticity     148 149 150 | 151 152 153 | 154 155 156 | 157 158 159 | 160 161 162 | 163 164 165 | 166 167 168
User Devices / Availability & Utility       169 170 171 | 172 173 174 | 175 176 177 | 178 179 180 | 181 182 183 | 184 185 186 | 187 188 189
Offline Data / Confidentiality & Possession 190 191 192 | 193 194 195 | 196 197 198 | 199 200 201 | 202 203 204 | 205 206 207 | 208 209 210
Offline Data / Integrity & Authenticity     211 212 213 | 214 215 216 | 217 218 219 | 220 221 222 | 223 224 225 | 226 227 228 | 229 230 231
Offline Data / Availability & Utility       232 233 234 | 235 236 237 | 238 239 240 | 241 242 243 | 244 245 246 | 247 248 249 | 250 251 252
People / Confidentiality & Possession       253 254 255 | 256 257 258 | 259 260 261 | 262 263 264 | 265 266 267 | 268 269 270 | 271 272 273
People / Integrity & Authenticity           274 275 276 | 277 278 279 | 280 281 282 | 283 284 285 | 286 287 288 | 289 290 291 | 292 293 294
People / Availability & Utility             295 296 297 | 298 299 300 | 301 302 303 | 304 305 306 | 307 308 309 | 310 311 312 | 313 314 315
Once the construction of the main event chain is complete, additional classification can add more specificity
around the elements comprising each event (i.e., the particular type of External agent or exact Social tactics used,
etc.). The incident is now “VERIS-ized” and useful metrics are available for reporting and further analysis.
One final note before we conclude this sub-section. The process described above has value beyond just describing
the incident itself; it also helps identify what might have been done (or not done) to prevent it. The goal is
straightforward: break the chain of events and you stop the incident from proceeding. For instance, security
awareness training and e-mail filtering could help keep E1 from occurring. If not, anti-virus and a least-privilege
implementation on the laptop might prevent E2. Stopping progression between E2 and E3 may be accomplished
through egress filtering or netflow analysis to detect and prevent backdoor access. Training and change control
procedures could help avoid the administrator’s misconfiguration described in the conditional event and preclude
the compromise of intellectual property in E4. These are just a few examples of potential controls for each event,
but the ability to visualize a layered approach to deterring, preventing, and detecting the incident should be apparent.
Figure 2. Sample VERIS incident scenario

E1: External agent sends a phishing e-mail that successfully lures an executive to open the attachment.
    TE#280: External / Social / People / Integrity
E2: Malware infects the exec’s laptop, creating a backdoor.
    TE#148: External / Malware / User Devices / Integrity
E3: External agent accesses the exec’s laptop via the backdoor, viewing e-mail and other sensitive data.
    TE#130: External / Hacking / User Devices / Confidentiality
CE1: System administrator misconfigures access controls when building a new file server.
    TE#38: Internal / Error / Servers / Integrity
E4: External agent accesses a mapped file server from the exec’s laptop and steals intellectual property.
    TE#4: External / Hacking / Servers / Confidentiality
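The TE# arithmetic behind Figure 1 and the event chain in Figure 2 are easy to get wrong by hand, so here is an added worked example in Python. It is not code from the DBIR authors or the VERIS project; it encodes the Figure 1 layout (rows run down the five assets with three paired attributes each, columns run across the seven actions with Ext/Int/Prt within each), converts between an A4 tuple and its TE#, models the Figure 2 chain, and aggregates several incidents into the per-cell breach counts that the Threat Event Overview grids (Figures 8 and 9) present for the real caseload. The class, function and label names are this example’s own choices, and the second incident chain is constructed for illustration rather than taken from the report.

```python
"""Added example: VERIS A4 threat-event numbering and incident-chain metrics.

Not code from the DBIR or the VERIS project. It reproduces the Figure 1 grid
layout so that TE# values can be checked against Figures 1 and 2 of the report.
"""
from collections import Counter
from dataclasses import dataclass
from typing import Iterable, List, Tuple

AGENTS = ("External", "Internal", "Partner")
ACTIONS = ("Malware", "Hacking", "Social", "Misuse", "Physical", "Error", "Environmental")
ASSETS = ("Servers", "Networks", "User Devices", "Offline Data", "People")
ATTRIBUTES = ("Confidentiality & Possession", "Integrity & Authenticity", "Availability & Utility")

COLUMNS_PER_ROW = len(ACTIONS) * len(AGENTS)                           # 21 cells across one grid row
TOTAL_THREAT_EVENTS = len(ASSETS) * len(ATTRIBUTES) * COLUMNS_PER_ROW  # 315


@dataclass(frozen=True)
class ThreatEvent:
    """One grid cell: who (agent) did what (action) to what (asset) with what result (attribute)."""
    agent: str
    action: str
    asset: str
    attribute: str

    def __post_init__(self) -> None:
        # Reject labels outside the high-level enumerations instead of silently mis-numbering.
        for value, allowed, name in ((self.agent, AGENTS, "agent"), (self.action, ACTIONS, "action"),
                                     (self.asset, ASSETS, "asset"), (self.attribute, ATTRIBUTES, "attribute")):
            if value not in allowed:
                raise ValueError(f"unknown {name} {value!r}; expected one of {allowed}")

    def te_number(self) -> int:
        """TE# as printed in Figure 1: row = asset block + attribute, column = action block + agent."""
        row = ASSETS.index(self.asset) * len(ATTRIBUTES) + ATTRIBUTES.index(self.attribute)
        col = ACTIONS.index(self.action) * len(AGENTS) + AGENTS.index(self.agent)
        return row * COLUMNS_PER_ROW + col + 1


def threat_event_from_number(te: int) -> ThreatEvent:
    """Inverse of ThreatEvent.te_number(): decode a TE# back into its four A's."""
    if not 1 <= te <= TOTAL_THREAT_EVENTS:
        raise ValueError(f"TE# must be in 1..{TOTAL_THREAT_EVENTS}, got {te}")
    row, col = divmod(te - 1, COLUMNS_PER_ROW)
    asset_i, attribute_i = divmod(row, len(ATTRIBUTES))
    action_i, agent_i = divmod(col, len(AGENTS))
    return ThreatEvent(AGENTS[agent_i], ACTIONS[action_i], ASSETS[asset_i], ATTRIBUTES[attribute_i])


Chain = List[Tuple[str, ThreatEvent]]

# The Figure 2 scenario as an ordered chain of (label, event). The figure's "Integrity"
# and "Confidentiality" are shorthand for the paired attributes used here.
SPEAR_PHISHING_INCIDENT: Chain = [
    ("E1", ThreatEvent("External", "Social", "People", "Integrity & Authenticity")),
    ("E2", ThreatEvent("External", "Malware", "User Devices", "Integrity & Authenticity")),
    ("E3", ThreatEvent("External", "Hacking", "User Devices", "Confidentiality & Possession")),
    ("CE1", ThreatEvent("Internal", "Error", "Servers", "Integrity & Authenticity")),
    ("E4", ThreatEvent("External", "Hacking", "Servers", "Confidentiality & Possession")),
]

# A second chain, constructed for this example (not from the report): stolen remote-access
# credentials on a POS server, then keylogging malware planted on it to harvest card data.
POS_INCIDENT: Chain = [
    ("E1", ThreatEvent("External", "Hacking", "Servers", "Confidentiality & Possession")),
    ("E2", ThreatEvent("External", "Malware", "Servers", "Integrity & Authenticity")),
    ("E3", ThreatEvent("External", "Malware", "Servers", "Confidentiality & Possession")),
]


def te_numbers(chain: Chain) -> List[int]:
    """TE#s of an incident chain in narrative order, e.g. [280, 148, 130, 38, 4] for Figure 2."""
    return [event.te_number() for _, event in chain]


def frequency_grid(incidents: Iterable[Chain]) -> Counter:
    """Figure 8 semantics: for each TE#, the number of incidents whose chain contains it.
    An incident is counted once per TE# even if the same event recurs in its chain."""
    counts: Counter = Counter()
    for chain in incidents:
        for te in {event.te_number() for _, event in chain}:
            counts[te] += 1
    return counts


def coverage(counts: Counter) -> float:
    """Share of the 315 cells with a non-zero count (the report's "40 of 315, 13%")."""
    return sum(1 for n in counts.values() if n > 0) / TOTAL_THREAT_EVENTS


if __name__ == "__main__":
    for label, event in SPEAR_PHISHING_INCIDENT:
        print(f"{label:>3} TE#{event.te_number():<3} {event.agent} / {event.action} / "
              f"{event.asset} / {event.attribute}")
    grid = frequency_grid([SPEAR_PHISHING_INCIDENT, POS_INCIDENT])
    for te, n in sorted(grid.items()):
        print(f"TE#{te}: {n} incident(s)")
    print(f"grid coverage: {coverage(grid):.1%}")
```

Because the grid counts incidents rather than events, an incident whose chain revisits the same cell (for instance two separate External Malware actions against server confidentiality) still contributes one to that cell; that matches how the report reads its grids ("381 of the 855 breaches involved external malware that affected the confidentiality of a server"). The `__post_init__` check also makes the 315-cell space a closed vocabulary, which is what lets grids from different contributors be merged without a separate reconciliation step.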
A Word on Sample Bias
Allow us to reiterate: we make no claim that the findings of this report are representative of all data breaches in all
organizations at all times. Even though the merged dataset (presumably) reflects reality more closely than its contributing datasets would in isolation, it is still a sample. Although we believe many of the findings presented in this report to be
appropriate for generalization (and our confidence in this grows as we gather more data and compare it to that of
others), bias undoubtedly exists. Unfortunately, we cannot measure exactly how much bias exists (i.e., in order to
give a precise margin of error). We have no way of knowing what proportion of all data breaches are represented
because we have no way of knowing the total number of data breaches across all organizations in 2011. Many
breaches go unreported (though our sample does contain many of those). Many more are as yet unknown by the
victim (and thereby unknown to us). What we do know is that our knowledge grows along with what we are able to
study and that grew more than ever in 2011. At the end of the day, all we as researchers can do is pass our findings
on to you to evaluate and use as you see fit.
Results and Analysis

The 2011 combined dataset represents the largest we have ever covered in any single year, spanning 855 incidents and over 174 million compromised records (the second-highest total, if you’re keeping track). These next few paragraphs should help make some sense of it all.

In several places throughout the text, we present and discuss the entire range of data from 2004 to 2011. As you study these findings, keep in mind that the sample dataset is anything but static. The number, nature, and sources of cases change dramatically over time. Given this, you might be surprised at how stable many of the trends appear (a fact that we think strengthens their validity). On the other hand, certain trends are almost certainly more related to turmoil in the sample than significant changes in the external threat environment. As in previous reports, the chosen approach is to present the combined dataset intact and highlight interesting differences (or similarities) within the text where appropriate. There are, however, certain data points that were only collected for Verizon cases; these are identified in the text and figures.

The figures in this report utilize a consistent format. Values shown in dark gray pertain to breaches while values in red pertain to data records. The “breach” is the incident under investigation in a case and “records” refer to the amount of data units (files, card numbers, etc.) compromised in the breach. In some figures, we do not provide a specific number of records, but use a red “#” to denote a high proportion of data loss. If one of these values represents a substantial change from prior years, this is marked with an orange “+” or “–” symbol (denoting an increase or decrease). Many figures and tables in this report add up to over 100%; this is not an error. It simply stems from the fact that items presented in a list are not always mutually exclusive, and, thus, several can apply to any given incident.

Because the number of breaches in this report is so high, the use of percentages is a bit deceiving in some places (5 percent may not seem like much, but it represents over 40 incidents). Where appropriate, we show the raw number of breaches instead of or in addition to the percentages. A handy percent-to-number conversion table is shown in Table 1.

Table 1. Key for translating percents to numbers for the 2012 DBIR dataset (855 breaches)
  %     #
  1%    9
  5%   43
 10%   86
 25%  214
 33%  282
 50%  428

Not all figures and tables contain all possible options but only those having a value greater than zero (and some truncate more than that). To see all options for any particular figure, refer to the VERIS framework.
Some constructive criticism we received about the 2011 report suggested the dataset was so rife with small
breach victims that it didn’t apply as strongly to larger organizations as it had in years past. (The nerve—can you
believe those people?)
We’re kidding, of course; this critique is both understandable and helpful. One of the problems with looking at a large
amount of data for a diverse range of organizations is that averages across the whole are just so…average. Because the
numbers speak for all organizations, they don’t really speak to any particular organization or demographic. This is
unavoidable. We’ve made the conscious decision to study all types of data breaches as they affect all types of
organizations, and if small businesses are dropping like flies, we’re not going to exclude them because they infest our data.
What we can do, however, is to present the results in such a way that they are more readily applicable to certain groups.
We could split the dataset a myriad of ways, but we’ve chosen (partially due to the initial criticism mentioned above)
to highlight differences (and similarities) between smaller and larger organizations (the latter having at least 1000
employees). We hope this alleviates these concerns and makes the findings in this report both generally informative
and particularly useful.
Oh—and though we don’t exactly condone schadenfreude, we do hope you’ll find it enjoyable.
Demographics
Every year we begin with the demographics from the previous years’ breach victims because it sets the context for the rest
of the information presented in the report. Establishing how the breaches break down across industries, company size,
and geographic location should help you put some perspective around all the juicy bits presented in the following sections.
This year we altered how we collect some of the demographic data. We decided to stop using our own list of
industries and adopt the North American Industry Classification System (which is cross-referenced to other
common classifications). As a result, some of the trending and comparisons from the industry breakdown in
previous years lose some consistency, but for the most part the classifications map closely enough that
comparisons are not without value.
As Figure 3 shows, the top three spots carry over from our last report. The most-afflicted industry, once again, is Accommodation and Food Services, consisting of restaurants (around 95%) and hotels (about 5%). The Financial and Insurance industry dropped from 22% in 2010 to approximately 10% last year.

While we derived a range of plausible (and not-so-plausible) explanations for the widening gap between Financial and Food Services, we will reserve most of those for more applicable sections in the report. Suffice it to say that it appears the cybercrime “industrialization” trend that so heavily influenced findings in our last report (and has been echoed by other reports in the industry[7]), is still in full swing.

When looking at the breakdown of records lost per industry in Figure 4, however, we find a very different result. The chart is overwhelmed by two industries that barely make a showing in Figure 3 and have not previously contributed to a large share of data loss—Information and Manufacturing. We’ll touch more on this throughout the report, but this surprising shift is mainly the result of a few very large breaches that hit organizations in these industries in 2011. We suspect the attacks affecting these organizations were directed against their brand and for their data rather than towards their industry.

“The North American Industry Classification System (NAICS) is the standard used by Federal statistical agencies in classifying business establishments for the purpose of collecting, analyzing, and publishing statistical data related to the U.S. business economy. NAICS was developed under the auspices of the Office of Management and Budget (OMB), and adopted in 1997 to replace the Standard Industrial Classification (SIC) system. It was developed jointly by the U.S. Economic Classification Policy Committee (ECPC), Statistics Canada, and Mexico’s Instituto Nacional de Estadistica y Geografia, to allow for a high level of comparability in business statistics among the North American countries.”
Source: http://www.census.gov/eos/www/naics/

[7] For instance, see Trustwave’s 2012 Global Security Report discussing growing attacks against franchises.
Figure 3. Industry groups represented by percent of breaches
Accommodation and Food Services 54%
Retail Trade 20%
Finance and Insurance 10%–
Health Care and Social Assistance 7%+
Information 3%
Other 6%
Redrawing Figure 4 with these outliers (breaches of more than one million records) removed reveals what is perhaps a more representative or typical account of compromised records across industries. Figure 5 is a bit more in line with historical data and also bears some resemblance to Figure 3 above.
Figure 4. Compromised records by industry group
Information 52%+
Manufacturing 45%+
All Others 3%

Figure 5. Compromised records by industry group with breaches >1M records removed
Finance and Insurance 40%
Retail Trade 28%
Administrative and Support Services 10%
Accommodation and Food Services 9%
Information 7%
Other 6%

Once again, organizations of all sizes are included among the 855 incidents in our dataset. Smaller organizations represent the majority of these victims, as they did in the last DBIR. Like some of the industry patterns, this relates to the breed of “industrialized” attacks mentioned above; they can be carried out against large numbers in a surprisingly short timeframe with little to no resistance (from the victim, that is; law enforcement is watching and resisting. See the “Discovery Methods” section as well as Appendix B.). Smaller businesses are the ideal target for such raids, and money-driven, risk-averse cybercriminals understand this very well. Thus, the number of victims in this category continues to swell.

The rather large number of breaches tied to organizations of “unknown” size requires a quick clarification. While we ask DBIR contributors for demographic data, sometimes this information is not known or not relayed to us. There are valid situations where one can know details about attack methods and other characteristics, but little about victim demographics. This isn’t ideal, but it happens. Rather than brushing these aside as useless data, we’re using what can be validated and simply labeling what can’t as “unknown.” (See Table 2.)

Table 2. Organizational size by number of breaches (number of employees)
1 to 10               42
11 to 100            570
101 to 1,000          48
1,001 to 10,000       27
10,001 to 100,000     23
Over 100,000          10
Unknown              135

As mentioned in the Methodology section, we will be breaking out findings where appropriate for larger organizations. By “larger” we’re referring to those in our sample with at least 1000 employees. Remember that as you read this report. So that you have a better idea of the makeup of this subset, Figure 6 shows the industries of the 60 organizations meeting this criterion.
Figure 6. Industry groups represented by percent of breaches – LARGER ORGS
Finance and Insurance 28%
Information 22%
Retail Trade 12%
Manufacturing 8%
Public Administration 7%
Transportation and Warehousing 5%
Other 18%
As usual, it’s hard to pull meaning from where victims base their operations, since most breaches do not require the
attacker to be physically present in order to claim their prize. We set a high mark in 2010 with 22 countries
represented, but smashed that record in 2011 with a whopping 36 countries hosting organizations that fell victim
to a data compromise. This is an area where the contributions of our global law enforcement partners really
highlight the fact that data breaches are not an isolated regional problem.
Figure 7. Countries represented in combined caseload
Countries in which a breach was confirmed
Australia France Jordan Poland United Arab Emirates
Austria Germany Kuwait Romania Ukraine
Bahamas Ghana Lebanon Russian Federation United Kingdom
Belgium Greece Luxembourg South Africa United States
Brazil India Mexico Spain
Bulgaria Ireland Netherlands Taiwan
Canada Israel New Zealand Thailand
Denmark Japan Philippines Turkey
2011 DBIR: Threat Event Overview
In last year’s DBIR, we presented the VERIS threat event grid populated with frequency counts for the first time.
Other than new data sharing partners, it was one of the most well received features of the report. The statistics
throughout this report provide separate analysis of the Agents, Actions, Assets, and Attributes observed, but the
grid presented here ties it all together to show intersections between the four A’s. It gives a single big-picture view
of the threat events associated with data breaches in 2011. Figure 8 (overall dataset) and Figure 9 (larger orgs) use
the structure of Figure 1 from the Methodology section, but replace TE#s with the total number of breaches in
which each threat event was part of the incident scenario. This is our most consolidated view of the 855 data breaches analyzed this year,[8] and there are several things worth noting.
Figure 8. VERIS A4 Grid depicting the frequency of high-level threat events
(non-zero cell counts for each grid row, listed left to right across the Malware, Hacking, Social, Misuse, Physical, Error and Environmental columns, each split Ext / Int / Prt as in Figure 1)

Servers / Confidentiality & Possession: 381, 518, 1, 9, 8, 1, 2, 1
Servers / Integrity & Authenticity: 397, 422, 1, 6, 1, 1
Servers / Availability & Utility: 2, 6, 5
Networks / Confidentiality & Possession: 1
Networks / Integrity & Authenticity: 1, 1
Networks / Availability & Utility: 1, 1, 1
User Devices / Confidentiality & Possession: 356, 419, 1, 86
User Devices / Integrity & Authenticity: 355, 355, 1, 1, 86
User Devices / Availability & Utility: 1, 3
Offline Data / Confidentiality & Possession: 23, 1
Offline Data / Integrity & Authenticity: (none)
Offline Data / Availability & Utility: (none)
People / Confidentiality & Possession: 30, 1
People / Integrity & Authenticity: 59, 2
People / Availability & Utility: (none)
When we observe the overall dataset from a threat management perspective, only 40 of the 315 possible threat
events have values greater than zero (13%). Before going further, we need to restate that not all intersections in
the grid are feasible. Readers should also remember that this report focuses solely on data breaches. During
engagements where we have worked with organizations to “VERIS-ize” all their security incidents over the course
of a year, it’s quite interesting to see how different these grids look when compared to DBIR datasets. As one might
theorize, Error and Misuse as well as Availability losses prove much more common.
8 In other words, 381 of the 855 breaches in 2011 involved external malware that affected the confidentiality of a server (the top left threat event).
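As an added example (not code from the report or the VERIS project), the following Python builds the A4 grid from constructed incident records, counting each threat event once per breach as the text describes, and reports grid coverage and a Table 3-style ranking; the asset tokens Network and OfflineData are assumptions, since the report's tables only show Server, UserDevice and People.

```python
"""Build a VERIS A4 threat-event grid (Agent x Action x Asset x Attribute).
Added example, not from the DBIR or VERIS; incidents below are constructed and
the asset tokens Network and OfflineData are assumed (the report's tables show
only Server, UserDevice and People)."""
from collections import Counter
from itertools import product

AGENTS = ("External", "Internal", "Partner")
ACTIONS = ("Malware", "Hacking", "Social", "Misuse", "Physical", "Error", "Environmental")
ASSETS = ("Server", "Network", "UserDevice", "OfflineData", "People")
ATTRIBUTES = ("Confidentiality", "Integrity", "Availability")
A4 = (AGENTS, ACTIONS, ASSETS, ATTRIBUTES)
POSSIBLE_EVENTS = len(AGENTS) * len(ACTIONS) * len(ASSETS) * len(ATTRIBUTES)  # 315

# Constructed sample breaches as dotted Agent.Action.Asset.Attribute events; the
# last one repeats an event to show that it still counts as one breach.
SAMPLE_INCIDENTS = [
    ["External.Hacking.Server.Confidentiality", "External.Hacking.Server.Integrity",
     "External.Malware.Server.Integrity", "External.Malware.Server.Confidentiality"],
    ["External.Hacking.Server.Confidentiality", "External.Malware.Server.Integrity",
     "External.Malware.Server.Confidentiality"],
    ["External.Physical.UserDevice.Confidentiality", "External.Physical.UserDevice.Integrity"],
    ["External.Social.People.Integrity", "External.Malware.UserDevice.Integrity",
     "External.Malware.UserDevice.Confidentiality"],
    ["Internal.Misuse.Server.Confidentiality"],
    ["External.Hacking.Server.Confidentiality", "External.Hacking.Server.Integrity",
     "External.Hacking.Server.Availability", "External.Hacking.Server.Confidentiality"],
]

def parse_event(name):
    """Split a dotted name into its four A's; reject anything outside the grid."""
    parts = tuple(name.split("."))
    if len(parts) != 4 or any(p not in ok for p, ok in zip(parts, A4)):
        raise ValueError(f"not a VERIS A4 threat event: {name!r}")
    return parts

def a4_grid(incidents):
    """Per cell, count the breaches in which that event occurred at least once."""
    grid = Counter()
    for events in incidents:
        for event in {parse_event(e) for e in events}:  # set: once per breach
            grid[event] += 1
    return grid

def coverage(grid):
    """(non-zero cells, possible cells, fraction); the report has 40 of 315 = 13%."""
    nonzero = sum(1 for c in grid.values() if c > 0)
    return nonzero, POSSIBLE_EVENTS, nonzero / POSSIBLE_EVENTS

def top_events(grid, n=10):
    """Top-n cells by breach count, ties broken by name, as in Table 3."""
    ranked = sorted(grid.items(), key=lambda kv: (-kv[1], kv[0]))
    return [(".".join(event), count) for event, count in ranked[:n]]

def render_grid(grid):
    """Text grid in the layout of Figure 8: Asset/Attribute rows, 21 Action x Agent columns."""
    head = " " * 28 + " ".join(f"{ac[:5]:>5}" for ac in ACTIONS for _ in AGENTS)
    sub = " " * 28 + " ".join(f"{ag[:3]:>5}" for _ in ACTIONS for ag in AGENTS)
    rows = [head, sub]
    for asset, attr in product(ASSETS, ATTRIBUTES):
        cells = [grid.get((ag, ac, asset, attr), 0) for ac in ACTIONS for ag in AGENTS]
        rows.append(f"{asset}/{attr}".ljust(28) + " ".join(f"{c:>5}" if c else "     " for c in cells))
    return "\n".join(rows)
```

Running `render_grid(a4_grid(SAMPLE_INCIDENTS))` prints the populated grid, and `coverage` shows how sparse even a varied caseload leaves the 315 cells.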
Figure 9. VERIS A4 Grid depicting the frequency of high-level threat events – LARGER ORGS
Columns (left to right): Malware, Hacking, Social, Misuse, Physical, Error, Environmental, each split into Ext / Int / Prt agents. Non-zero cell values are listed per row in left-to-right order; empty cells are omitted.
Servers / Confidentiality & Possession: 7 33 3 2 1
Servers / Integrity & Authenticity: 10 18 1
Servers / Availability & Utility: 1
Networks / Confidentiality & Possession: (none)
Networks / Integrity & Authenticity: (none)
Networks / Availability & Utility: 1 1
User Devices / Confidentiality & Possession: 3 6 10
User Devices / Integrity & Authenticity: 4 2 10
User Devices / Availability & Utility: 1
Offline Data / Confidentiality & Possession: 1 1
Offline Data / Integrity & Authenticity: (none)
Offline Data / Availability & Utility: (none)
People / Confidentiality & Possession: 7
People / Integrity & Authenticity: 11
People / Availability & Utility: (none)
Using VERIS for Evidence-Based Risk Management
This may sound like an advertisement, but it’s not—you can do this using VERIS (which is free!). Imagine, as a risk manager, having access to all security incidents within your organization classified using VERIS (if you really want to let your imagination run wild, think about also having similar data from other organizations like your own). Over time, a historical dataset is created, giving you detailed information on what’s happened, how often it’s happened, and what hasn’t happened within your organization. Unknowns and uncertainties begin to recede. You give it to your data visualization guy who cranks out a grid for your various business groups similar to Figure 9. Hotspots on the grid focus your attention on critical problem areas and help to properly diagnose underlying ailments. From there, treatment strategies to deter, prevent, detect, or help recover from recurring (or damaging) threat events can be identified and prioritized. But you don’t stop there; you actually measure the effectiveness of your prescriptions to track whether incidents and losses decrease after these treatments are administered. Thus, you achieve a state where better measurement enables better management. Colleagues start referring to you as the “Risk Doctor” and suddenly your opinion matters in security spending discussions. This could be you.
Obviously, this is meant to be tongue in cheek, but we truly do believe in the merit of an approach like this. We like to refer to this approach as “Evidence-Based Risk Management” (EBRM), borrowing from the concept of evidence-based medicine. Essentially, EBRM aims to apply the best available evidence gained from empirical research to measure and manage information risk. Security incidents, whether large or small, are a huge part of that “best available evidence.” This is why we assert that meticulously analyzing them is a highly beneficial practice.
Now back to the grids, where the results for the overall dataset share many similarities with our last report. The
biggest changes are that hotspots in the Misuse and Physical areas are a little cooler, while Malware and Hacking
against Servers and User Devices are burning brighter than ever. Similarly, the list of top threat events in Table 3
feels eerily familiar.
Separating the threat events for larger organizations in Figure 9 yields a few additional talking points. Some might be surprised that this version of the grid is less “covered” than Figure 8 (22 of the 315 events—7%—were seen at least once). One would expect that the bigger attack surface and stronger controls associated with larger organizations would spread attacks over a greater portion of the grid. This may be true, and our results shouldn’t be used to contradict that point. We believe the lower density of Figure 9 compared to Figure 8 is mostly a result of size differences in the datasets (855 versus 60 breaches). With respect to threat diversity, it’s interesting that the grid for larger organizations shows a comparatively more even distribution across in-scope threat events (i.e., less extreme clumping around Malware and Hacking). Related to this, Social and Physical events make the top 10 list in Table 4. Based on descriptions in the press of prominent attacks leveraging forms of social engineering, this isn’t a shocker.
Naturally, we’ll expound on all of this throughout the following sections.
Table 3. Top 10 VERIS threat events
Rank  Threat Event                                    Threat Event #  Counts
1     External.Hacking.Server.Confidentiality         4               518
2     External.Hacking.Server.Integrity               28              422
3     External.Hacking.UserDevice.Confidentiality     130             419
4     External.Malware.Server.Integrity               22              397
5     External.Malware.Server.Confidentiality         1               381
6     External.Malware.UserDevice.Confidentiality     127             356
7     External.Malware.UserDevice.Integrity           148             355
8     External.Hacking.UserDevice.Integrity           151             355
9     External.Physical.UserDevice.Confidentiality    139             86
10    External.Physical.UserDevice.Integrity          160             86
Table 4. Top 10 VERIS threat events – LARGER ORGS
Rank  Threat Event                                    Threat Event #  Counts
1     External.Hacking.Server.Confidentiality         4               33
2     External.Hacking.Server.Integrity               28              18
3     External.Social.People.Integrity                280             11
4     External.Malware.Server.Integrity               22              10
5     External.Physical.UserDevice.Confidentiality    139             10
6     External.Physical.UserDevice.Integrity          160             10
7     External.Malware.Server.Confidentiality         1               7
8     External.Social.People.Confidentiality          259             7
9     External.Hacking.UserDevice.Confidentiality     130             6
10    External.Malware.UserDevice.Integrity           148             4
Threat Agents
Entities that cause or contribute to an incident are known as threat agents. There can, of course, be more than one agent involved in any particular incident. Actions performed by them can be malicious or non-malicious, intentional or unintentional, causal or contributory, and stem from a variety of motives (all of which will be discussed in subsequent agent-specific sections). Identification of the agents associated with an incident is critical to taking specific corrective actions as well as informing decisions regarding future defensive strategies. VERIS specifies three primary categories of threat agents—External, Internal, and Partner.
VERIS Classification Note: If the threat agent’s role in the breach is limited to a contributory error, the agent would not be included here. For example, if an insider’s unintentional misconfiguration of an application left it vulnerable to attack, the insider would not be considered a threat agent if the application were successfully breached by another agent. An insider who deliberately steals data or whose inappropriate behavior (e.g., policy violations) facilitated the breach would be considered a threat agent in the breach.
• External: External threats originate from sources outside of the organization and its network of partners. Examples include former employees, lone hackers, organized criminal groups, and government entities. External agents also include environmental events such as floods, earthquakes, and power disruptions. Typically, no trust or privilege is implied for external entities.
• Internal: Internal threats are those originating from within the organization. This encompasses company
executives, employees, independent contractors, interns, etc., as well as internal infrastructure. Insiders are
trusted and privileged (some more than others).
• Partners: Partners include any third party sharing a business relationship with the organization. This
includes suppliers, vendors, hosting providers, outsourced IT support, etc. Some level of trust and privilege
is usually implied between business partners.
Figure 10 displays the distribution of threat agents by percentage of breaches in this year’s dataset, along with all
previous years of this study. It’s important to keep in mind that we’re not looking at a consistent sample. The first
few years were based only on Verizon cases, then the USSS (2007-2011), NHTCU (2006-2011), AFP (2011),
IRISSCERT (2011), and PCeU (2011) joined at various points in the years that followed. Thus, trends are the
combination of changes in the threat environment and changes within the sample dataset.
Figure 10. Threat agents over time by percent of breaches (bar chart; series: External, Internal, Partner; periods: ‘04–’07, 2008, 2009, 2010, 2011)
2011 continued the shift towards external agents’ involvement in a high percentage of data breaches. Though we have always seen an external majority, never before has any year been so one-sided. 2009 was the closest to an exception to that rule, but the rise in internal agents was mostly the by-product of incorporating the insider-heavy USSS caseload (see the 2010 DBIR[9] for more detail). Since then, it’s been primarily outsiders in the caseloads we’ve examined.
Apart from yearly sample variations, there are several factors contributing to the escalating percentage of external agents vs. insiders and partners in this report. The primary factor, which was addressed at length in the 2011 DBIR,[10] is the continued effect of “industrialized” attacks on these ratios. Organized criminal groups targeting payment card information from Internet-facing POS systems or physically-exposed ATMs and gas pumps can launch a sting against hundreds of victims during the same operation. From a percentage standpoint, the resulting effect that these commoditized yet highly-scalable attacks have on threat agent trends makes perfect sense. Insiders, by definition, have a smaller number of potential targets.
Another contributor to the continued rise of external agents in 2011 was the reinvigorated activity of activist groups. Commonly known as “hacktivism,” these attacks are inherently external in nature. They are not nearly as frequent (one might even say “constant”) as mainline cybercrime, but as will be seen below, they can be quite damaging.
We would be remiss if we did not point out that in 2011, there were several investigations involving internal agents that did not meet the definition of a data breach. When insiders misuse access or information provided for their job duties but do not disclose information to an unauthorized party, no loss of confidentiality has occurred.[11] Such incidents are not included in this report.
Another interesting observation about 2011 is the much lower percentage of multi-agent breaches. Back in 2009,
over one-quarter of all incidents was the work of more than one category of threat agent. Such incidents sometimes
involve overt collusion, but more often outsiders solicit insiders to participate in some aspect of the crime. In 2011,
that figure was just 2%. The decline here can also be attributed to the “industrialization” trend discussed above.
Partner threat agents have realized a steady decrease over the last few years, and this dataset is no exception.[12]
With less than 1% of breaches caused by a partner, it will be hard to go anywhere but up in the next report. Similar
to insiders, the dramatic increase in external agents helps to explain this decline, but there are other factors as
well. Notice that the downward trend began in 2008, which precedes the major shift towards highly-scalable
attacks by outsiders. We have given several hypotheses in past reports, including increased awareness, regulation,
and technology advancements. More significant is how we define causal and contributory agents. Partners that did
not have a causal role in the incident are not included in these percentages. More discussion on such scenarios can
be found in the Partner and Error sections of this report.
It is also entirely possible that malicious insiders and/or partners are flying under the radar and thus avoiding
discovery. We have lamented in previous reports (and will lament in later sections) that a high percentage of breaches
are identified by fraud detection. However, compromises of non-financial data do not have these mechanisms to
trigger awareness, and are therefore more difficult to discover. Our data consistently shows that trusted parties are
9 http://www.verizonbusiness.com/resources/reports/rp_2010-data-breach-report_en_xg.pdf
10 http://www.verizonbusiness.com/go/2011dbir/us/
11 A frequent example of this is a bank employee who uses system privileges to make an unauthorized withdrawal or transfer of funds. This is certainly a security violation, but it is not a data breach.
12 Some may rightly remember that the percentage tied to partners was substantially higher in prior reports. Keep in mind that those reports showed Verizon data separately, whereas this is the
combined data from all participating organizations “retrofitted” to historical data. It definitely changes the results.
considerably more likely to steal intellectual property and other sensitive (non-financial) data, and there’s a good chance these activities would never be detected. This is not included to “apologize” for bias or to spread FUD, but to raise a valid point that insiders and partners are probably under-represented in Figure 10 (though, in the grand scheme of things, we still don’t think they’re anywhere close to outsiders).
Figure 11. Threat agents (exclusive) by percent of breaches: External only 95%+; Internal only 2%; Partner only <1%; Multiple agents 2%.
In keeping with our promise to give findings specific to larger organizations, we present Figure 12. Those hoping to see a significantly different result here are bound for disappointment. (Don’t you hate it when data gets in the way of a good theory?) We had an incredibly insightful and rational explanation ready to explain why insiders and partners were more likely to attack larger organizations, but alas, it’s gone to waste.
Figure 12. Threat agents by percent of breaches – LARGER ORGS: External 87%; Internal, Partner, and Unknown each 5% or less (values shown: 5%, 5%, 3%).
Breach Size by Threat Agents
Data compromise, as measured by number of records lost, is not indicative of the full impact of the breach, but is a useful and measurable indicator of it. We agree that it would be optimal to include more information on losses associated with response, brand damage, business disruption, legal penalties, etc. As a small step in this direction, we have added a short section to this report discussing some of these consequences. Here, we focus exclusively on the amount of data loss.
Figure 13 shows the distribution among threat agents of the approximately 174 million records compromised across the merged 2011 dataset. No, we didn’t forget to include bubbles for insiders and partners; it’s just that outsiders stole virtually all of it. When compared to the entire dataset encompassing all years of this study (Figure 14), the effect isn’t much different (but we can at least see colors other than greenish-blue). Mega-breaches, involving millions of records in a single incident, have consistently skewed data loss numbers toward external agents. The high-volume, low-yield attacks also mount up in their favor over time.
Figure 13. Compromised records by threat agent, 2011: External only 173,874,419; Internal only 55,493; Partner only 153,002; Multiple agents 403.
It’s important to recognize the various types of data compromised and their influence on this metric. Payment card data and personal information are frequently stored and stolen in bulk, whereas intellectual property or classified data theft often involve only a single “record.” As mentioned previously, insiders are more likely to target the latter.
Figure 14. Compromised records by threat agent, 2004-2011: External only 978,433,619; Internal only 28,925,291; Partner only 43,897,579; Multiple agents 46,476,153.
External Agents (98% of breaches, 99+% of records)
As with all of our previous DBIRs, this version continues to reinforce the finding that external parties are responsible for far more data breaches than insiders and partners. This go-around, they were tied to 98% of all incidents. At a quick glance, much about the roles, varieties, and motives of external agents in 2011 appears to be just a continuation of the same ol’ story.
Outsiders almost always engaged in direct, intentional, and malicious actions. Only a scant 2% of cases featured external agents in indirect roles, where they solicited or aided someone else to act against the victim. Organized criminal groups were once again behind the lion’s share (83%) of all breaches. One may wonder why it is they do what they do (we surely do, and that’s why we started tracking more about motives last year); the answer is pretty straightforward—they do it for the money (96%). Bottom line: most data thieves are professional criminals deliberately trying to steal information they can turn into cash. Like we said—same ol’ story.
Figure 15. Motive of external agents by percent of breaches within external
Motive                        All Orgs   Larger Orgs
Financial or personal gain    96%        71%
Disagreement or protest       3%         25%
Fun, curiosity, or pride      2%         23%
Grudge or personal offense    1%         2%
It’s not the whole story, however. Nor is it the most important one. The most significant change we saw in 2011 was the rise of “hacktivism” against larger organizations worldwide. The frequency and regularity of cases tied to activist groups that came through our doors in 2011 exceeded the number worked in all previous years combined. But this was not restricted to our caseload alone; the other organizations participating in this report also spent a great deal of effort responding to, investigating, and prosecuting hacktivist exploits. It was extremely interesting to piece these different perspectives together to form a global view of investigations into activist groups and their victims. 3% of all external attacks may not seem like much (though remember we’re dealing with over 850 incidents here, and notice related motives are higher than that; plus we suspect some “unknown” agents are actually activists), but this trend is probably the biggest and single most important change factor in this year’s DBIR.