Verizon DBIR – Thoughts

Verizon has released their 2015 edition of the Data Breach Investigation Report, covering incidents in 2014.  This report is really good.

On pages 6 and 7, the analysis of intelligence feeds is useful.  I’ve wondered about overlap of intelligence feeds.  My thought was there would be significant overlap.  Their results of very little overlap is not what I expected.

Page 22 indicated “70-90% of malware samples are unique to a single organization.  Special snowflakes fall on every yard.”  Again, this is useful information for reporting incidents to leadership.  As others have said, attribution is difficult.

Page 53 indicates that 75% of espionage attacks start with email while the next 15% are via web infections.  It is crazy how effective email attacks are in business environments.  We really need to get better at this stuff.

Having just had some Six Sigma courses, 5 Why’s was interesting to see for risk mitigation on page 55.  I will need to try it out for some risk assessments in the future.

Finally is the recommendations at the very end of effective controls.  The SANS Top 20 is great, but where do you start?  Seeing the recommendation of starting with patching / vulnerability management and two factor authentication is great.  It is difficult to build a business case for a specific control when you are deficient in so many.

The compromise statistics and time to respond aren’t interesting.  Everyone is terrible at incident response.  I question the applicability of cost per record losses to an environment.