The DBIR was created to provide a place for security practitioners to look for data-driven, real-world views on what commonly befalls companies with regard to cybercrime.
The past year has been extraordinary in a number of ways, but it was certainly memorable with regard to the murky world of cybercrime. From very well publicized critical infrastructure attacks to massive supply chain breaches, the financially motivated criminals and nefarious nation-state actors have rarely, if ever, come out swinging the way they did over the last 12 months. As always, we will examine what our data has to tell us about these and the other common action types used against enterprises. This year the DBIR team analyzed 23,896 security incidents, of which, 5,212 were confirmed data breaches.
The European Union (EU)’s General Data Protection Regulation (GDPR) is in full effect, but many organizations still don’t have the processes in place to be compliant. According to an IBM survey, only 36 percent of executives said they expect to be GDPR-compliant by the enforcement date.
Looking to 2019
A chain is only as strong as its weakest link. This is also true in the world of security. In 2018, we tracked a key growing threat trend - that when just one device in a home or small business (usually the router) is compromised, then the rest of the devices on the network become easy to compromise. With connected devices - known as the Internet of Things - growing faster than any device category in history, it’s increasingly difficult to buy appliances and home goods that do not have some connection over to the internet.
Verizon 2019 DBIR Shows Financially Motivated Attacks Increasing While Criminals Switch to Easiest Targets
The Verizon 2019 Data Breach Investigations Report (DBIR) was published just after midnight today. This is the 12th edition since its launch in 2008, and the most extensive to date, with 73 contributors and an analysis of 41,686 security incidents including 2,013 confirmed breaches. A breach is defined as an incident that results in the confirmed disclosure or exposure of data.