Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.
2019 Verizon Data Breach Investigations Report
Suzanne Widup
Verizon confidential and proprietary. Unauthorized disclosure, reproduction or other use prohibited.
73 CONTRIBUTING ORGANIZATIONS
41,686 SECURITY INCIDENTS
2,013 CONFIRMED DATA BREACHES
86 COUNTRIES REPRESENTED
Demographics
Vocabulary for Event Recording and Incident Sharing (VERIS) is an open framework designed to provide a common language for describing security incidents (or threats) in a structured and repeatable manner.
Actor – Who did it?
Action – How’d they do it?
Asset – What was affected?
Attribute – How was it affected?
http://www.veriscommunity.net
The VERIS Framework
VERIS in Action
https://github.com/vz-risk/VCDB/issues
DBIR Overview
Incidents vs Breaches
What influences these numbers?
• Regulatory requirements
• Partner visibility
• Breach trends
Threat Actors
Actor Motives
Actor Varieties
Discovery Timeline
The Detection Deficit
The Healthcare Detection Deficit (2011-2018)
Industries
The Nefarious Nine Patterns
Industry Comparison
Healthcare Errors
Healthcare Misuse Actor Varieties
Healthcare Misuse Motivations
Healthcare
I Click, Therefore I am
Types of Social Attacks
Progress
By Industry
Financially-motivated Social Engineering
Malware
Choose the Form of the Destructor
Vectors and Varieties
Denial of Service Attacks
Unbroken Chains
Steps to Success
Paths
Beginning, Middle and End
Simulation
More Information
Download the DBIR http://www.verizonenterprise.com/verizon-insights-lab/dbir/
Grab the DBIR Graphics https://github.com/vz-risk/dbir/tree/gh-pages/2019
Learn about VERIS www.veriscommunity.net and http://github.com/vz-risk/veris
Explore the VERIS Community Database http://www.vcdb.org and https://github.com/vz-risk/VCDB/issues
Ask a Question [email protected]
Follow Us @vzdbir and hashtag #dbir
Thank you.
Twitter: @SuzanneWidup
@VERISDB for data breach feed