Jacob Kaplan-Moss

Tag: DBIR

2021 DBIR Highlights

The 2021 edition of Verizon’s Data Breach Investigations Report (DBIR) is out. I read the DBIR every year; it’s one of the only analyses of real-world security failures that approaches any sort of scientific rigor. Here are some of the highlights from the 2021 edition, along with my commentary.
May 18th, 2021 • dbir security

2016 DBIR Highlights

The 2016 edition of Verizon’s Data Breach Investigations Report is out, and as usual it’s compelling reading. The DBIR is one of the only sources of hard data about information security, which makes it a must-read for anyone trying to run a security program in a data-driven manner.

What follows are the bits that I found especially interesting, and a bit of my own commentary.

Internal threats are rare

[T]he Actors in breaches are predominantly external. While this goes against InfoSec folklore, the story the data consistently tells is that, when it comes to data disclosure, the attacker is not coming from inside the house. And let’s face it, no matter how big your house may be there are more folks outside it than there are inside it. [7]

April 27th, 2016 • dbir security