The immense DBIR was released several weeks ago and is chock full of great information. Reading through the report highlights the very challenging environment in which we operate our digital assets, but it also provides a road map for where professionals can focus their attention. There is no possible way to abbreviate the report, but a few specific quotes caught my attention:
Malware gets increasingly difficult to detect and prevent (especially once the attacker owns the system). Therefore, protect against the damage malware does after infection, much of which can be mitigated if outbound traffic is restricted.
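To make the "restrict outbound traffic" point concrete, here is an added example (not from the DBIR or this post) of a default-deny egress policy evaluated over flow records. The policy, the internal addresses (10.0.1.x services), the log line format and the sample records are all hypothetical and constructed here; 203.0.113.0/24 is a documentation range. Anything that does not match an explicit allow rule is what an egress filter would drop, and what a detection team should alert on, because an infected host trying to reach the outside directly is exactly the post-infection traffic the report is talking about.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    proto: str                   # "tcp" or "udp"
    dst: ipaddress.IPv4Network   # destination network the rule covers
    dport: Optional[int]         # None matches any destination port
    comment: str


@dataclass(frozen=True)
class Flow:
    ts: str
    src: str
    dst: str
    proto: str
    dport: int


# Hypothetical default-deny egress policy for a workstation segment (assumed, not from the DBIR):
# hosts may only talk to the web proxy, the internal resolver and the internal NTP server.
# Everything else, including direct DNS or HTTPS to the Internet, is denied.
EGRESS_ALLOW = [
    Rule("tcp", ipaddress.ip_network("10.0.1.10/32"), 3128, "web proxy"),
    Rule("udp", ipaddress.ip_network("10.0.1.53/32"), 53, "internal DNS resolver"),
    Rule("udp", ipaddress.ip_network("10.0.1.123/32"), 123, "internal NTP"),
]


def matching_rule(flow: Flow, rules=EGRESS_ALLOW) -> Optional[Rule]:
    """Return the first allow rule that covers the flow, or None (default deny)."""
    dst = ipaddress.ip_address(flow.dst)
    for r in rules:
        if r.proto == flow.proto and dst in r.dst and (r.dport is None or r.dport == flow.dport):
            return r
    return None


# Constructed log line format: "<timestamp> src=<ip> dst=<ip> proto=<tcp|udp> dport=<port>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) proto=(?P<proto>tcp|udp) dport=(?P<dport>\d+)$"
)


def parse_flow(line: str) -> Optional[Flow]:
    """Parse one flow record; return None for malformed lines instead of raising."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Flow(m["ts"], m["src"], m["dst"], m["proto"], int(m["dport"]))


def audit(lines, rules=EGRESS_ALLOW):
    """Evaluate each flow line against the policy; return (allowed, denied) lists of Flow."""
    allowed, denied = [], []
    for line in lines:
        f = parse_flow(line)
        if f is None:
            continue  # skip malformed records rather than abort the whole audit
        (allowed if matching_rule(f, rules) else denied).append(f)
    return allowed, denied


# Constructed sample flow records (not real traffic).
SAMPLE_LOG = [
    "2024-06-01T12:00:01Z src=10.0.5.21 dst=10.0.1.10 proto=tcp dport=3128",   # via proxy: allowed
    "2024-06-01T12:00:02Z src=10.0.5.21 dst=10.0.1.53 proto=udp dport=53",     # internal DNS: allowed
    "2024-06-01T12:00:03Z src=10.0.5.21 dst=203.0.113.7 proto=tcp dport=443",  # direct HTTPS out: denied
    "2024-06-01T12:00:04Z src=10.0.5.21 dst=203.0.113.9 proto=udp dport=53",   # external DNS: denied
    "2024-06-01T12:00:05Z src=10.0.5.22 dst=10.0.1.123 proto=udp dport=123",   # internal NTP: allowed
    "2024-06-01T12:00:06Z src=10.0.5.22 dst=203.0.113.7 proto=tcp dport=6667", # direct IRC out: denied
    "this line is not a flow record",                                          # malformed: skipped
]

if __name__ == "__main__":
    ok, bad = audit(SAMPLE_LOG)
    print(f"{len(ok)} flows allowed, {len(bad)} flows denied")
    for f in bad:
        print(f"DENY {f.ts} {f.src} -> {f.dst}:{f.dport}/{f.proto}")
```

The same allow-list is what you would express in the perimeter firewall as explicit accepts followed by a drop; running it over flow logs, as here, is the complementary detection step that tells you which hosts are already trying to bypass the proxy and resolver.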
“…a breakdown of organizational size follows a rather normal-looking distribution. It’s quite possible (and perhaps logical) that an organization’s size matters little in terms of its chances of suffering a data breach. One might speculate that smaller budgets mean less security spending but it probably also means fewer assets to protect and a lower profile. Thieves are more likely to select targets based on the perceived value of the data and cost of attack than victim characteristics such as size.”
“The rather high percentage of “unknown” in Figure 18 is attributable to many factors. Many times there were no logs, corrupted evidence, and/or users were unavailable for interview. Occasionally, we see some of the “old school” infection vectors like e-mail and network propagation. Outside the world of data breaches, these are still alive and well but when stealth is critical and persistence is the goal, these vectors have less merit.”
When reading through the report, I would suggest looking at the trends where security controls failed the most – not what worked the most.
Well done gentlemen.