Verizon Data Breach Investigations Report 2020

One of the most respected publications in cybersecurity is the Verizon Data Breach Investigations Report (DBIR), which analyzes over 150,000 incidents and provides a comprehensive analysis of the 32,002 incidents and 3950 breaches that meet Verizon’s quality standards. I very much liked how they chose to represent the concept that no industry, no region, and no market is excluded, using a page of differently colored squares to illustrate how wide, pervasive, and data-driven the 3950 breaches analyzed have been.


Concerning the findings, nearly half (45%) of the breaches featured Hacking. The large majority of them were perpetrated by external actors, which reinforces the idea that a value chain is present behind almost all hacking attempts. This evidence is also highlighted by the common denominators section, which shows that 86% of breaches are financially motivated.

This same section shows that nearly half (43%) of the breaches involved Web Applications. This shows the crucial importance of having a solid CI/CD pipeline where security is fully integrated as early as possible in the DevOps lifecycle.


Verizon’s DBIR Highlights Key Drivers of Security Risk

It’s that time of the year when Verizon updates us on the latest trends in the global threat landscape with its Data Breach Investigations Report (DBIR). The findings in this year’s report are based on data provided by more than 70 sources (including Qualys) about more than 41,000 security incidents, including more than 2,000 confirmed data breaches, across a variety of geographies (over 80 countries) and industries. A privileged observation point indeed.

While the very informative 78-page report touches on a wide range of areas, I’ll focus on three that are particularly relevant for Qualys customers:

  • Who are hackers’ preferred targets, and why
  • The importance of reducing both the time it takes to discover security problems, such as vulnerabilities or breaches, and the time it takes to fix them
  • How lack of visibility, human error and careless misconfigurations heighten organizations’ security risks

Read on to learn more about the evolution (or is it “EVILution”) of the threat landscape in the past year, and find out about recommended actions.


Verizon Data Breach Investigations Report 2013

This week Verizon released the 2013 edition of the Data Breach Investigations Report (DBIR). The DBIR has been adding data sources over the last five years, and this year’s report contains 641 confirmed breach incidents collected from 19 participating partners. The data allows Verizon to draw important conclusions as to the most common threats in the wild.

For me personally, the most important findings from the DBIR this year are:

Continue reading …