Embed Size (px)
Citation preview
.
.
Inside the 2016 Verizon Data Breach Investigations Report
Marc Spitler | Senior Manager, Verizon Security Research
Raj Samani | CTO for EMEA, Intel Security
.
2
2016 Verizon DBIR Key Findings@Marc_Spitler
© 2016 Data Breach Investigations Report
2016 DBIR Key Findings
• Cybercriminals are exploiting humans as weakest link, organized in approach
• Phishing tops list of increasing concerns
• 89 percent of all attacks involve financial or espionage motivations
• Three-pronged attacks used frequently across several incident classification patterns
• Risk management is key to safeguarding assets
3
© 2016 Data Breach Investigations Report
2016 Data Breach Investigations Report
Data from
67contributors.
4
Ninth edition.
100Kincidents.
82countries.
2,260analyzed breaches.
© 2016 Data Breach Investigations Report
Over 95% of breaches fit into just nine incident classification patterns.
5
© 2016 Data Breach Investigations Report6
What happens next is determined by the attacker’s end game.
Many incidents share the same threat actions in the early stages of the attack.
© 2016 Data Breach Investigations Report
They’ve got the right credentials.
7
63of confirmed data breaches
involved leveraging a weak,
default or stolen password.
%
© 2016 Data Breach Investigations Report
Phishing still works.
30of phishing messages were opened.
8
%
13of targets went on to click
the attachment or link.
%
.
Post-Compromise Fraud@Raj_Samani
.
Payment Card Market Prices
10
Estimated per card prices for stolen payment card data
Price per payment card over time
.
Payment card purchase options
.
Login access for sale
.
Login access to critical infrastructure systems for sale
.
Identity information for sale
.
We’ve only just begun… health records for sale
15
.
Questions and Answers
The Hidden Data EconomyThe Marketplace for Stolen Digital Information
www.mcafee.com/us/resources/reports/rp-hidden-data-economy.pdf
2016 Data Breach Investigations Report
www.verizonenterprise.com/resources/reports/rp_DBIR_2016_Report_en_xg.pdf
Join Marc and Raj during a Twitter #SecChat on June 22, 12:00 p.m. - 1:00 p.m. PDT to discuss findings from the 2016 Verizon DBIR.
@Marc_Spitler @Raj_Samani
.
17
![Insider Collusion Attack on Privacy-Preserving Kernel ... › ~hchsiao › pub › 2016_IEEE_access.pdf‘‘2015 Verizon Data Breach Investigations Report,’’ [1] attacks from](https://img.pdfslide.us/doc/110x75/5f03c4cc7e708231d40aad67/insider-collusion-attack-on-privacy-preserving-kernel-a-hchsiao-a-pub-a.jpg)
![2011 Data Breach Investigations[1]](https://img.pdfslide.us/doc/110x75/547a0329b4af9fa5158b49a2/2011-data-breach-investigations1.jpg)
