Explore the findings of the 2011 DBIR series by Verizon with over 750 new breaches studied, 4 million records compromised, and euro-centric insights from Dutch HTCU. Gain insights into threat events, malware infection vectors, hacking types, and patchable vulnerabilities. Discover essential controls, data elimination strategies, and secure remote access recommendations for enhanced cybersecurity. Learn how to monitor event logs, reduce compromise-to-discovery timeframes, and detect unusual activities to bolster your organization's defenses.
Data Breach Investigations Report series
http://verizonbusiness.com/databreach
http://securityblog.verizonbusiness.com
2011 DBIR Contributors
• Verizon
• United States Secret Service
• Dutch National High Tech Crime Unit
Methodology: Collection and Analysis
• VERIS framework used to collect data after investigation
• Aggregate and anonymize the case data
• RISK Intelligence team provides analytics
• 630 threat events
VERIS: https://verisframework.wiki.zoho.com/
Overview – What’s New?
• Over 750 new breaches studied since the last report
• Total for all years = 1700+
• Just under 4 million records confirmed compromised
• Total for all years = 900+ million
• Euro-centric appendix from Dutch HTCU
Hacking – What Path did the Agent Take? Patchable vulnerabilities: 5
Conclusions & recommendations
• Focus on essential controls. Many organisations make the mistake of pursuing exceptionally high security in certain areas while almost completely neglecting others. Businesses are much better protected if they implement essential controls across the entire organization without exception.
• Eliminate unnecessary data. If you do not need it, do not keep it. For sensitive data that must be kept, identify, monitor and securely store it.
• Secure remote access services. Restrict these services to specific IP addresses and networks, minimising public access to them. Also, ensure that your organisation is limiting access to sensitive information within the network.
• Filter outbound activity. If the criminal cannot get the data out of your environment then the data has not been compromised.
• Monitor and mine event logs. Focus on the obvious issues that logs pick up, not the records. Reducing the compromise-to-discovery timeframe from weeks and months to days can pay huge dividends.
• Look for unusual locations. Criminals do not tend to attack from the same location as your usual business partner and staff traffic.
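An added example, not part of the original slides, of the remote access, event log and unusual location recommendations working together: it reads remote-access log lines and reports successful logins from sources outside the approved networks, with the failed attempts that preceded them. The allowlist networks, the choice of OpenSSH sshd syslog lines as the remote access log, and the sample lines themselves are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumed allowlist of networks permitted to reach remote access (constructed values).
ALLOWED_NETS = [ipaddress.ip_network(n) for n in ("10.20.0.0/16", "198.51.100.0/24")]

# Constructed sample lines in OpenSSH sshd syslog style (documentation IP ranges).
SAMPLE_LOG = """\
Mar  3 08:58:12 gw1 sshd[1844]: Accepted publickey for alice from 10.20.4.17 port 50122 ssh2
Mar  3 09:03:40 gw1 sshd[1851]: Accepted password for partner1 from 198.51.100.23 port 41200 ssh2
Mar  4 02:14:05 gw1 sshd[2207]: Failed password for alice from 203.0.113.45 port 33810 ssh2
Mar  4 02:14:09 gw1 sshd[2207]: Failed password for alice from 203.0.113.45 port 33810 ssh2
Mar  4 02:14:31 gw1 sshd[2211]: Accepted password for alice from 203.0.113.45 port 33822 ssh2
Mar  4 09:01:02 gw1 sshd[2302]: Failed password for invalid user admin from 192.0.2.77 port 60001 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) \S+ for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def is_allowed(ip, nets=ALLOWED_NETS):
    addr = ipaddress.ip_address(ip)  # raises ValueError if not an IP literal
    return any(addr in net for net in nets)

def review(log_text, nets=ALLOWED_NETS):
    """Return (alerts, failures) for sources outside the allowlist."""
    alerts, failures = [], Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an sshd authentication result line
        try:
            outside = not is_allowed(m["ip"], nets)
        except ValueError:
            continue  # source logged as a hostname, skip in this sketch
        if not outside:
            continue
        if m["result"] == "Accepted":
            # A successful login from an unapproved network is the obvious issue.
            alerts.append({"ts": m["ts"], "user": m["user"], "ip": m["ip"],
                           "prior_failures": failures[m["ip"]]})
        else:
            failures[m["ip"]] += 1
    return alerts, failures

if __name__ == "__main__":
    print(review(SAMPLE_LOG))
```

Every alert also marks a gap in the access restriction itself, since a source outside the approved networks should not have reached the service at all.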
DBIR: www.verizonbusiness.com/databreach
VERIS: https://verisframework.wiki.zoho.com/
Blog: securityblog.verizonbusiness.com
Email: dbir@verizonbusiness.com