Tuesday, April 23, 2013

Verizon Data Breach Investigation Report Released

Verizon has released the 2013 edition of its annual Data Breach Investigation Report.  You can click here to download a copy from their website.

The situation with data compromises is complex, they note in the introduction:
All in all, 2012 reminded us that breaches are a multi-faceted problem, and any one-dimensional attempt to describe them fails to adequately capture their complexity . 
You can focus initially on the executive summary to get a broad picture.  For example, who are the victims (mostly financial institutions and retail), who are the bad guys (overwhelmingly outsiders), and how the breaches occur (network intrusions, overwhelmingly; so, how are your quarterly external network scans going?...).

Among the most frustrating observations is that the breaches continue to be opportunistic, of a relatively low level of difficulty, and driven by financial motives.

The report has 63 pages of information, charts, and graphs.  I recommend it to you.  I am still digesting it, so there may be more later.  For a great summary, the folks at Securosis prepared this overview.  But please don't stop there.   Download the report and read it yourself!