Presentation is loading. Please wait.

Presentation is loading. Please wait.

2016 Data Breach Investigations Report

Published byBethanie Harvey Modified over 6 years ago

Similar presentations

Presentation on theme: "2016 Data Breach Investigations Report"— Presentation transcript:

1 2016 Data Breach Investigations Report
Understand what you’re up against. Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. PTE16708

2 2016 DBIR Contributors

3 VERIS framework Actor – Who did it? Action – How’d they do it?
Asset – What was affected? Attribute – How was it affected? / 3

4 Security incidents vs data breaches
4

5 2016 Data Breach Investigations Report
Ninth edition. 2,260 analyzed breaches. 100K incidents. Data from contributors. 82 countries.

6 The who, where and why.

7 Attackers are usually external to the victim’s organization.
But you still need to be aware of the internal threat.

8 Threat Actors

9 Attackers are typically after the money.
80% Financial Espionage 9%

10 Actions over Time

11 Asset Type

12 How do they get in?

13 They’ve got the right credentials.
63 of confirmed data breaches involved leveraging a weak, default or stolen password. %

14 30 of phishing messages were opened.
Phishing still works. % 30 of phishing messages were opened. 13 of targets went on to click the attachment or link. %

15 100 seconds On average, it takes less than 2 minutes for a phishing campaign to get its first open. And less than 4 minutes to get its first click.

16 The same old vulnerabilities exist.
Most attacks exploit known vulnerabilities where a patch has been available for months, if not years. 85 of successful exploit traffic is from the top 10 vulnerabilities. %

17 Many breaches share the same threat actions in the early stages of the attack.
What happens next is determined by the attacker’s end game.

18 How quickly do they get in?

19 The detection deficit is growing.

20 Breach Discovery Method Over Time
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.

21 What can you do?

22 86% of security incidents fit into just nine incident classification patterns.

23 Over 90% of breaches fit into just nine incident classification patterns.

24 Patterns by Industry

25 The Cost of a Breach by Cyber Insurance Payouts

26 Use the lessons learned from analyzing more than 2,000 confirmed data breaches. Read the 2016 DBIR: VerizonEnterprise.com/DBIR2016

27

Download ppt "2016 Data Breach Investigations Report"

Similar presentations

1 Confidential and proprietary material for authorized Verizon Foundation personnel only. Use, disclosure or distribution of this material is not permitted.

1 Confidential and proprietary material for authorized Verizon Foundation personnel only. Use, disclosure or distribution of this material is not permitted.
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is.

Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is.
Confidential and proprietary material for authorized Verizon Business personnel only. Use, disclosure or distribution of this material is not permitted.

Confidential and proprietary material for authorized Verizon Business personnel only. Use, disclosure or distribution of this material is not permitted.
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is.

Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is.
Confidential and proprietary material for authorized Verizon Business personnel only. Use, disclosure or distribution of this material is not permitted.

Confidential and proprietary material for authorized Verizon Business personnel only. Use, disclosure or distribution of this material is not permitted.
Confidential and proprietary material for authorized Verizon Business personnel only. Use, disclosure or distribution of this material is not permitted.

Confidential and proprietary material for authorized Verizon Business personnel only. Use, disclosure or distribution of this material is not permitted.
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is.

Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is.
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is.

Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is.
Confidential and proprietary material for authorized Verizon Business personnel only. Use, disclosure or distribution of this material is not permitted.

Confidential and proprietary material for authorized Verizon Business personnel only. Use, disclosure or distribution of this material is not permitted.
The Difficult Road To Cybersecurity Steve Katz, CISSP Security Risk Solutions 631-692-5175 Steve Katz, CISSP Security.

The Difficult Road To Cybersecurity Steve Katz, CISSP Security Risk Solutions Steve Katz, CISSP Security.
Confidential and proprietary material for authorized Verizon Business personnel only. Use, disclosure or distribution of this material is not permitted.

Confidential and proprietary material for authorized Verizon Business personnel only. Use, disclosure or distribution of this material is not permitted.
Threats and vulnerabilities

Threats and vulnerabilities
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is.

Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is.
Did You Hear That Alarm? The impacts of hitting the information security snooze button.

Did You Hear That Alarm? The impacts of hitting the information security snooze button.
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is.

Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is.
© 2014 PayPal Inc. All rights reserved. Confidential and proprietary. Leveraging Information to Detect and Prevent Insider Attacks Phoram Mehta Senior.

© 2014 PayPal Inc. All rights reserved. Confidential and proprietary. Leveraging Information to Detect and Prevent Insider Attacks Phoram Mehta Senior.
© 2010 Verizon. All Rights Reserved. PTE14626 07/10 2011 DBIR.

© 2010 Verizon. All Rights Reserved. PTE / DBIR.
GSHRM Conference Cyber Security Education Shri Cockroft, CISO Piedmont Healthcare, Inc. September 21, 2015.

GSHRM Conference Cyber Security Education Shri Cockroft, CISO Piedmont Healthcare, Inc. September 21, 2015.
CHALLENGES OF MANAGING STATE DATA SYSTEMS. 70CONTRIBUTINGORGANIZATIONS 79,790 SECURITY INCIDENTS 2,122 CONFIRMED DATA BREACHES 61 COUNTRIES REPRESENTED.

CHALLENGES OF MANAGING STATE DATA SYSTEMS. 70CONTRIBUTINGORGANIZATIONS 79,790 SECURITY INCIDENTS 2,122 CONFIRMED DATA BREACHES 61 COUNTRIES REPRESENTED.
Confidential and proprietary material for authorized Verizon personnel only. Use, disclosure or distribution of this material is not permitted to any unauthorized.

Confidential and proprietary material for authorized Verizon personnel only. Use, disclosure or distribution of this material is not permitted to any unauthorized.

Similar presentations

Ads by Google