2016 data breach investigations report - verizon enterprise · 2016 data breach investigations...
TRANSCRIPT
2016 Data Breach Investigations Report
2016 Data Breach Investigations ReportUnderstand what you’re up against.
Beltug X-changeMarch 29, 2017Fabrice WynantsManager Security Solutions BeNeLux & [email protected]
2016 Data Breach Investigations Report
The DBIR
2016 Data Breach Investigations Report
Data from
67contributors.
3
Ninth edition.
100Kincidents.
82countries.
2,260analyzed breaches.
Use the lessons learned from analyzing more than 2,000 confirmed data breaches.
• Data Breach Investigation Reports• Data Breach Digest Reports• Industry Oriented Reports
http://www.verizonenterprise.com/verizon-insights-lab/dbir/
2016 Data Breach Investigations Report
2016 Data Breach Investigations Report
2016 DBIR Contributors
2016 Data Breach Investigations Report
Some Breach Trends.
2016 Data Breach Investigations Report
Threat Actors & Motives
89% of breaches had a financial or espionage motive
The actors in the breaches were predominantly external.
2016 Data Breach Investigations Report
Threat Actions – Hacking, Malware & Social on the rise
2016 Data Breach Investigations Report
88
Threat Actions – Don’t Forget the Human Errors
Human Error is involved in 37% of the Breaches
2016 Data Breach Investigations Report
9
The Detection Deficit
Percent of breaches where time to compromise (green) and time to discovery (blue) as days or less
+ Less than 10% of breaches are discovered by internal means
Detection GAP
2016 Data Breach Investigations Report
Birth of a Data Breach
2016 Data Breach Investigations Report
11
Many incidents share the same threat actions in the early stages of the attack.
Three-pronged attacks highly familiar, repeatable, used frequently
Birth and rebirth of a data breach
2016 Data Breach Investigations Report
12
View from our Sr. Data Analyst
Understanding the Opening Moves is Key.
Focus & block on the Intersections : Phishing, Malware & Credentials .
What happens next is determined by the attacker’s end game.
13
41% of breaches involved phishing
30% recipients opened phishing messages
13% clicked on attachments
3:45 median time to first click
Number of phishing emails opened and clicked in first 24 hours and percent of opened emails that were clicked
Phishing
2016 Data Breach Investigations Report
14
Malware and Crimeware
68% of breaches involved malware
Mainly introduced through Email as executables
15
63% of confirmed data breaches involved leveraging a weak, default or stolen password (credential theft or use).
Credentials
Top threat action varieties within incidents
2016 Data Breach Investigations Report
What can you do?
2016 Data Breach Investigations Report
86% of security incidents fit into just nine incident classification patterns.
17
2016 Data Breach Investigations Report
Over 90% of breaches fit into just nine incident classification patterns.
18
2016 Data Breach Investigations Report
Patterns by Industry
2016 Data Breach Investigations Report
Some Recommendations
Tailor your mitigations.
Make people your first line of defense.
Only keep data on a “need to know” basis.
Focus around Phishing, Malware and Credentials.
Patch promptly.
Use two-factor authentication where possible.
Ensure proper Detection & Response
2016 Data Breach Investigations Report
Verizon Data Breach
Investigations Report.
http://www.verizonenterprise.com/verizon-insights-lab/dbir/
21