For those who lack the time to read the entire report, here are some of the key findings along with some comments.
75% of breaches were done by outsiders.
25% involved internal actors.
18% involved state actors.
51% involved organized crime actors.
I see 25% involving internal actors as quite high, but that depends on the definition of "involved".
24% of breaches affected financial organizations
15% of breaches affected healthcare
The public sector was third at 12%.
Retail and hospitality combined for another 15% of breaches.
62% of breaches used "hacking"
51% of breaches used malware
81% leveraged stolen/weak passwords
43% were social engineering based
What does "hacking" mean? And how much hacking did or did not involve malware?
66% of malware got in via email
73% of breaches were financially motivated
21% of breaches were espionage related
27% were discovered by third parties
I find the 1/4 insider involvement to be high. Not saying it’s wrong. Just saying it seems high.
I think they could use a better term than "hacking" to describe their most common type of tactic. Perhaps "manual intervention"?
I’d love to see some sort of analysis of controls in this report, or a similar report. So basically, what controls from, say, the CIS set are most recommended this year based on the DBIR findings?
That’s not a bullseye because every company is different, but maybe they could do a recommended controls list for each industry or something.
Anyway, solid stuff as usual from the team. And I enjoyed the summary as well.
I imagine a lot of these questions were answered in the full version of the report. This is analysis of the executive summary.