« Weekly Intelligence Summary: 2011-06-17
Weekly Intelligence Summary: 2011-06-24 »

New views into the 2011 DBIR

Wade Baker
June 23rd, 2011

Numbers and charts courtesy of Marc Spitler

Since publishing the 2011 DBIR back in April, we’ve received a lot of questions about the dataset presented in the report. From the 761 incidents covered in the report, one gets a pretty decent view of “what this says about the general community,” but it can be challenging to figure out “what it means for me specifically.”

Though some suggest otherwise, I do not believe this is a problem inherent to our dataset; this same basic issue affects any large dataset. For instance, if we polled the global working community on some issue, the results would reveal a “middle” position that was not necessarily reflective of any particular country involved. Tracking this over time shows changes in the typical international stance on the issue and has value for many purposes. For other purposes, however, one might wish to study the views of a specific age group from a specific country.

There are nearly unlimited ways we could slice the DBIR dataset to create additional views and we can’t possibly do them all – especially for free (just being honest). We can, however, create some of the most-requested segmentations, and we are happy to preview a couple here.  Below you’ll find the top 15 threat actions for 1) organizations with at least 1000 employees, and 2) breaches of intellectual property and classified information (payment card data and personal information excluded). You can compare these to Table 8 on page 26 of the 2011 DBIR.

Top Threat Action Types against LARGER ORGANIZATIONS by number of breaches and - (all incidents against victims with over 1000 employees; ATM and gas pump skimmers excluded)

Top Threat Action Types against LARGER ORGANIZATIONS by number of breaches and - (all incidents against victims with over 1000 employees; ATM and gas pump skimmers excluded)

Top Threat Action Types used to steal INTELLECTUAL PROPERTY AND CLASSIFIED INFORMATION by number of breaches - (excludes breaches only involving payment card data, bank account information, personal information, etc)

Top Threat Action Types used to steal INTELLECTUAL PROPERTY AND CLASSIFIED INFORMATION by number of breaches - (excludes breaches only involving payment card data, bank account information, personal information, etc)

We could give you our take on reasons behind these differences (and similarities), but we’d rather open the floor to your thoughts and comments. Whudahyathink?
By the way, we still haven’t decided on whether or not we’ll publish a Supplemental DBIR this year that would include some of this stuff. We will definitely begin pulling these kinds of additional views into our DBIR-related presentations, so feel free to drop by and heckle us when we’re in your neighborhood.

Tags: , , , , , , , , , ,

This entry was posted on Thursday, June 23rd, 2011 at 3:13 pm and is filed under 2011 DBIR. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Comments

  1. Hi, Mark -

    What’s the overlap like in these categories?

    i.e – in your first table, how many back door attacks also involved sending data out?

    Regards,

    Patrick

    Posted by: Patrick Florer on July 1st, 2011 at 3:58 pm

Leave a Comment

All submissions, like other use of this site, are subject to the Terms of Use. By using the site, I agree to those terms.