This year, the report is delving deeper into the pathway to breaches in an effort to identify the most likely Action and vector groupings that lead to breaches given the current threat landscape. The cracked doorway on the cover is meant to represent the various ways attackers can make their way inside. The opening in the door shows the pattern of our combined “ways-in” percentages, and it lets out a band of light displaying a pattern of the Action vector quantities. The inner cover highlights and labels the quantities in a less abstract way.

This report aims to take a look at the times when things did not work as intended—not to point fingers but to help us all learn and improve. In a time where almost everyone, corporations and individuals alike, is looking at ways to do more with less, we believe a close analysis of when our defenses failed can be very beneficial. While times of great change are always challenging, they often also prompt us to take stock of our situation and, if necessary, refocus both our viewpoint and our energies. Such is the case with the DBIR this year. As a team, we decided to take a step back toward the fundamental things that got us where we are, an intense focus on actual data breaches analyzed using our own VERIS Framework. And speaking of VERIS, one of the new goodies this refocusing brings is an even better mapping between VERIS and MITRE ATT&CK through a collaboration with MITRE Ingenuity and the Center for Threat Informed Defense (CTID).

For this, our 15th anniversary installment, we continue in that same tradition by providing insight into what threats your organization is likely to face today, along with the occasional look back at previous reports and how the threat landscape has changed over the intervening years.

This inaugural report covers seven years of data from the DBIR as well as additional Verizon information, providing an overview of the cyber-espionage landscape. Attackers, motivations, methods, and victims are all focus areas.

The annual Data Breach Investigations Report (DBIR) is the annual marque analysis of breach and incident information over the previous year.

Verizon’s 2020 edition of the keystone DBIR. Covering breaches and attack trends across the previous year.

The PSR has the unique role of measuring the strengths and weaknesses of the PCI DSS and tracking the sustainability of compliance. It also measures and tracks challenges associated with implementing and maintaining security controls required for PCI DSS compliance.

The VIPR report (Verizon Incident Preparedness and Response Report) outlines preparations and responses to data breaches. This includes 6 phases, planning and preparation, detection and validation, containment and eradication, collection and analysis, remediation and recovery, and assessment and adjustment.

It’s been another headline-grabbing 12 months for cybersecurity. There were many large and damaging compromises affecting retailers, airlines and credit rating companies, to name just a few. Thousands of organizations weren’t prepared and had sensitive data stolen, suffered downtime of key systems or were affected in some other way. Are you ready?

Verizon’s annual report on data breaches in 2018

Verizon’s annual report on data breaches in 2016

As stated in the report, “The purpose of this study is to shed light on the problem of medical data loss—how it is disclosed, who is causing it and what can be done to combat it.”

Subtitled “Insight for helping businesses manage risk through payment security”

Verizon’s annual report on all data breaches in 2015

Here are some quick facts about this report and what they tell us about the issues that the healthcare industry as a whole needs to address: 58% of incidents involved insiders—healthcare is the only industry in which internal actors are the biggest threat to an organization. Medical device hacking may create media hype but the assets most often affected in breaches are databases and paper documents. Ransomware is the top malware variety by a wide margin. 70% of incidents involving malicious code were ransomware infections. Basic security measures are still not being implemented. Lost and stolen laptops with unencrypted PHI continue to be the cause of breach notifications.

This report offers a helpful understanding of data breaches.

This infographic is based on the report of the same name.

This paper discusses what organizations fear and what security measures they are taking to mitigate risks. To find out, they commissioned independent research, surveying more than 600 mobility professionals. The results were eye-opening.

This is a report based on a one man’s experience with IoT security.

From the report, “Internet of Things (IoT) technology holds incredible promise for transforming the enterprise, but one of the biggest hurdles for companies implementing IoT will be extracting insight from the incredible volumes of fast-moving data these systems produce and integrating that resulting intelligence into business processes in real time.”

As always, this report is comprised of real-world data breaches and security incidents—either investigated by us or provided by one of our outstanding data contributors.