Verizon publishes data breach digest to provide 'stories' behind DBIR stats


SAN FRANCISCO – For the first time, Verizon is publishing a data breach digest that provides breach scenarios culled from its highly regarded annual Data Breach Investigations Report, or DBIR.

The new report, unveiled Wednesday, details 18 real-world data breach scenarios based on their prevalence and/or impacts in the field. Twelve of the cases represent more than 60 percent of the 1,175 cases investigated by the RISK team in the DBIR over the past three years while the other six are less common but more destructive, Verizon explained.

For each scenario, the digest provides a detailed analysis of how the attack occurred, level of sophistication, threat actors involved, tactics and techniques used and recommended countermeasures. The report is designed to help businesses and government agencies understand how to identify signs of a data breach, sources of evidence and ways to investigate, contain and recover from a breach.

Bryan Sartin, managing director of Verizon Enterprise Solutions's RISK Team, told a panel here at the RSA Conference that his team decided to put together the data breach digest to provide "stories" behind the statistics in the DBIR.

"We created it to give readers a true look into breach investigations from the perspective of the people on the ground doing the work – the decision making process, what they see and what they deal with," he said.

"For the less technically inclined, the digest gives a perspective of what it is like to be one of the data breach victims," Sartin said.

While the goal is to provide a "true look," Verizon has modified details, such as changing names, locations, quantity of records breached and monetary losses to preserve anonymity.

The 2016 DBIR is expected to be released late next month, Sartin related.

For more:
- see the Verizon release
- read the data breach digest [reg. req.]

Related Articles:
Breaches of protected health information not confined to healthcare industry
Lack of access controls, poor password policy behind Target breach, says internal report
Verizon has access to mobile security data! Who knew, right?