2009 Data Breach Investigations Supplemental Report
Dave Hylender, December 9th, 2009
Verizon Business released the 2009 Data Breach Investigations Supplemental Report today. As you may know, the supplemental report addresses requests, issues, and questions that arise from our readers regarding the annual Data Breach Investigations Report (April 2009). This year’s edition is a catalogue of the attacks that occurred most frequently in the data set used for the 2009 DBIR.
It is, in large part, a divergence from previous reports in that it provides a more in-depth and wider view of a data breach, and is not solely statistics driven. The aim of the report is to provide both technical personnel and managers with a one-stop compendium of pertinent details on the widespread threats within our caseload. It is our hope that readers can directly utilize the information provided to prepare for, detect and, ideally, prevent these types of attacks.
In nearly every DBIR-related presentation or conversation, we get requests for case studies, detailed explanations of attacks, recommendations on countermeasures, and so forth. We felt the catalogue approach used in this report would be the best way to give audiences what they wanted.
The Data Breach Investigations Supplemental Report describes the top 15 threats in detail along with real-world examples of each from Verizon’s caseload. The report provides information on the common sources of these attacks, which industries they most often affect, and illustrates how individual attacks are used in combination with others within a data breach scenario. Perhaps most importantly, protection strategies are identified for each of the 15 attacks. In total, nearly 50 unique indicators and 100 countermeasures are listed throughout the document.
In addition to the threat catalogue, the supplemental report includes an appendix that compares Verizon’s caseload to DataLossDB, a public database of reported incidents worldwide. The goal is to answer questions we so often get about how our caseload sample compares to other similar sources of breach information. To do this, we mapped categories used by DataLossDB to our own classification framework and “translated” the 2300+ incidents it contains to allow a same-to-same comparison. The results are quite interesting. Give it a read and let us know what you think. The report can be accessed here.
Just finished reading 2009 Data Breach Investigations Supplemental Report. An excellent document, very thought provoking. I found the details regarding the range of techniques employed in creating and exploiting a breach useful in illustrating the cross-discipline approach needed to counter these vulnerabilities. Look forward to reading the next report!
Posted by: Damian Hall on December 9th, 2009 at 10:59 pm

Thanks Damian. As long as folks keep reading and finding uses for the reports, we’ll keep writing them.
Posted by: Wade Baker on December 10th, 2009 at 3:14 am

I just started reading this, and I think there might be a small typo – top of page 3, you refer to publishing the 2009 DBIR in ‘early 2009’.
Posted by: Allison Dolan on December 10th, 2009 at 4:56 pm

This is indeed an excellent report. I would suggest, however, in future revisions or the 2009 DBIR, amplifying on the comment that your data are based on the cases where Verizon was called in. I have seen people who are involved primarily in the security of PII/data breach notifications trying to use the Verizon report in conjunction with other sources, where accidents, such as lost laptops, or a file unintentionally posted on the Internet, top the list of causes of breaches (or at least breach notifications). In such cases Verizon is unlikely to be called in. Also perhaps clarify your definition of PII.
Posted by: Allison Dolan on December 10th, 2009 at 5:23 pm

I’m not seeing the reference. The 2009 DBIR was published in April of 2009. “Early-ish 2009” maybe?
Posted by: Wade Baker on December 10th, 2009 at 9:54 pm