I don’t know how I’d missed this before, but glad I found it. Better later than never, I guess. The Data Breach Investigations Report is an annual report from Verizon’s Enterprise group summarizing the prior year’s IT security incidents. The 2014 report is the most recent available, and covers 20123 incidents.
Of particular value in the 2014 edition are the high-level threat patterns, and the mapping of threats and recommendations against major industry verticals. They identified that 92% of security incidents in 2013 could be grouped into just nine different attack patterns. That doesn’t magically reduce the number of vulnerabilities your IT organization has to contend with, but it does provide a useful framework for understanding the stream of hacking news, and a launching off point for prioritizing security investments for your own firm.
I have to also commend the DBIR authors for making the document highly readable to make the material more accessible for non-CISO types. I highly recommend this report for all senior IT managers and executives, especially those who don’t have the CISO title.
Very much looking forward to their 2015 report. The 2014 report is linked below – read it.