
2011 DBIR

2011 DBIR. Data Breach Investigations Report series. http://verizonbusiness.com/databreach http://securityblog.verizonbusiness.com. 2011 DBIR Contributors. Verizon. United States Secret Service. Dutch National High Tech Crime Unit. Methodology: Collection and Analysis.

rmclemore

Presentation Transcript


  1. 2011 DBIR

  2. Data Breach Investigations Report series http://verizonbusiness.com/databreach http://securityblog.verizonbusiness.com

  3. 2011 DBIR Contributors Verizon United States Secret Service Dutch National High Tech Crime Unit

  4. Methodology: Collection and Analysis
      • VERIS framework used to collect data after investigation
      • Aggregate and anonymize the case data
      • RISK Intelligence team provides analytics
      • 630 threat events
      VERIS: https://verisframework.wiki.zoho.com/

  5. Overview – What’s New?
      • Over 750 new breaches studied since the last report
      • Total for all years = 1700+
      • Just under 4 million records confirmed compromised
      • Total for all years = 900+ million
      • Euro-centric appendix from Dutch HTCU ??

  6. Agents: Whose Actions Affected the Asset?

  7. Agents: Who were the External Agents?

  8. Agents: Who were the Internal Agents?

  9. Actions: What Actions Affected the Asset?

  10. Malware – What was the Infection Vector?

  11. Malware – What was its Functionality?

  12. Malware – How Often was it Customized?

  13. Hacking – What was the Type Used?

  14. Hacking – What Path did the Agent Take? Patchable vulnerabilities: 5

  15. Which Assets were Affected?

  16. Which Assets were Affected?

  17. Which Data Types were Affected?

  18. How Difficult were these Attacks?

  19. How Long to Compromise, Discovery & Containment?

  20. How did the Victim Discover the Breach?

  21. Wrapping up

  22. Wrapping up

  23. Conclusions & recommendations
      • Focus on essential controls. Many organisations make the mistake of pursuing exceptionally high security in certain areas while almost completely neglecting others. Businesses are much better protected if they implement essential controls across the entire organisation without exception.
      • Eliminate unnecessary data. If you do not need it, do not keep it. For sensitive data that must be kept, identify, monitor and securely store it.
      • Secure remote access services. Restrict these services to specific IP addresses and networks, minimising public access to them. Also, ensure that your organisation is limiting access to sensitive information within the network.
      • Filter outbound activity. If the criminal cannot get the data out of your environment then the data has not been compromised.
      • Monitor and mine event logs. Focus on the obvious issues that logs pick up, not the records. Reducing the compromise-to-discovery timeframe from weeks and months to days can pay huge dividends.
      • Look for unusual locations. Criminals do not tend to attack from the same location as your usual business partner and staff traffic.

  24. DBIR: www.verizonbusiness.com/databreach
      VERIS: https://verisframework.wiki.zoho.com/
      Blog: securityblog.verizonbusiness.com
      Email: dbir@verizonbusiness.com
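
Slide 23's advice to restrict remote access to specific networks, mine event logs and watch for unusual source locations can be combined into one log check. The following is an added example, not part of the presentation: the allowlisted networks and log lines are constructed, and the assumed log format is OpenSSH sshd syslog output.

```python
import ipaddress
import re
from collections import defaultdict

# Assumption: networks the organisation expects remote-access logins from.
ALLOWED_NETWORKS = [ipaddress.ip_network(n)
                    for n in ("203.0.113.0/24", "198.51.100.16/28")]

# Constructed sample lines in OpenSSH sshd syslog style (not real data).
SAMPLE_LOG = """\
Mar  3 08:01:12 gw sshd[811]: Accepted password for alice from 203.0.113.40 port 50122 ssh2
Mar  3 08:14:55 gw sshd[829]: Failed password for root from 192.0.2.77 port 41810 ssh2
Mar  3 08:14:58 gw sshd[829]: Failed password for root from 192.0.2.77 port 41811 ssh2
Mar  3 08:15:03 gw sshd[830]: Accepted password for backup from 192.0.2.77 port 41822 ssh2
Mar  3 09:30:00 gw sshd[901]: Accepted publickey for bob from 198.51.100.20 port 60001 ssh2
Mar  3 09:31:10 gw sshd[910]: Failed password for bob from 198.51.100.20 port 60005 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) \S+ for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def is_expected(ip):
    """True if the source address falls inside an allowlisted network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ALLOWED_NETWORKS)

def unusual_sources(log_text):
    """Summarise login activity per source IP outside ALLOWED_NETWORKS."""
    findings = defaultdict(
        lambda: {"failed": 0, "accepted": [], "first_seen": None})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or is_expected(m["ip"]):
            continue
        entry = findings[m["ip"]]
        entry["first_seen"] = entry["first_seen"] or m["ts"]
        if m["result"] == "Accepted":
            entry["accepted"].append(m["user"])  # successful login: top priority
        else:
            entry["failed"] += 1
    return dict(findings)

if __name__ == "__main__":
    for ip, f in unusual_sources(SAMPLE_LOG).items():
        level = "ALERT" if f["accepted"] else "watch"
        print(level, ip, f"first_seen={f['first_seen']}",
              f"failed={f['failed']}", f"accepted={f['accepted']}")
```

Recording the first time each off-allowlist source was seen gives a starting point for measuring the compromise-to-discovery interval the slide refers to.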
