My Takeaways from the 2019 DBIR Report

by Daniel Miessler / Friday, 14 June 2019 / Published in Hacking

Many years ago, Verizon started a trend by releasing their Data Breach Investigations Report, and today there are dozens of companies releasing similar offerings. But even with all the competition (some of which is quite good), the original DBIR is still my favorite.

Get the full report

Here were my main takeaways from this year’s release.

Meta

  • This is the 12th year of the report
  • As usual, it’s built from real-world data
  • This year they included 41,686 security incidents and 2,013 data breaches
  • There were 73 data sources spanning 86 countries

Perpetrators

  • 69% of attacks came from outsiders
  • 34% involved internal actors
  • They say only 5% involved partners, which I would have thought would have been higher

Techniques

Keep in mind that many incidents/breaches fall into multiple categories.

  • Around half involved “hacking”
  • 1/3 included social engineering
  • Around 1/3 involved malware
  • They say only around 4% involved a physical component, which I find fascinating. Coming from such a major report, this could lead some to spend less on physical pentesting. Although, maybe that 4% were the ones that mattered most.

Victims

  • Almost half the victims were small businesses

Attack types vs. industries

  • Denial of service and hacking were popular across many industries
  • The server itself was the most popular target
  • Hospitality (Accommodation) had serious issues with malware and hacking

Their key analysis points

  • Executives are being targeted (between 9 and 12 times more than in the past)
  • Attackers are following companies into the cloud
  • Web-app-based payment systems are catching up to physical terminal compromises. This is interesting, since I would have thought this crossover would have happened a long time ago. They say chip-and-PIN could be a major factor in this
  • Ransomware is still a very common technique

  • Phishing is quite effective on mobile devices. Maybe we need to build campaigns that more specifically target mobile?
  • Miscellaneous Errors continue to show up in many patterns, especially in industries that are usually understaffed and underskilled (healthcare, education, etc.)
  • Espionage is the biggest issue in the public sector

Other observations

Thanks to Anton Chuvakin for spotting these.

  • Over half of the breaches took multiple months to discover
  • Only around 6% of breaches were the result of exploiting vulnerabilities (why hack when you can just log in?)
  • Malware was delivered by email in 94% of cases (oldie but goodie)
  • Anton makes the great point that data at rest isn't the only target anymore; if they can compromise what customers type data into, they get the same data (albeit less of it)
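The "why hack when you can just log in?" point is a detection problem rather than a patching problem: the signal is not a vulnerability but an account succeeding after a telltale run of failures. Here is an added example, not part of the original post or of the DBIR, of that logic run over a few constructed auth-log lines. The log format, the 10-minute window and the thresholds (5 distinct accounts for a password spray, 3 failures for a single-account brute force) are all assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample auth log in a hypothetical syslog-like format (not from
# any real system or from the DBIR). It contains a password spray from
# 203.0.113.5 that lands on "frank", a brute force of "ceo" from 192.0.2.9,
# three stale failures for "grace" an hour before her login, and one typo by "heidi".
SAMPLE_LOG = """\
2019-06-14T08:00:00Z auth: FAIL user=grace src=198.51.100.20
2019-06-14T08:00:05Z auth: FAIL user=grace src=198.51.100.20
2019-06-14T08:00:10Z auth: FAIL user=grace src=198.51.100.20
2019-06-14T09:00:01Z auth: FAIL user=alice src=203.0.113.5
2019-06-14T09:00:02Z auth: FAIL user=bob src=203.0.113.5
2019-06-14T09:00:03Z auth: FAIL user=carol src=203.0.113.5
2019-06-14T09:00:04Z auth: FAIL user=dave src=203.0.113.5
2019-06-14T09:00:05Z auth: FAIL user=erin src=203.0.113.5
2019-06-14T09:00:06Z auth: OK user=frank src=203.0.113.5
2019-06-14T09:30:00Z auth: OK user=grace src=198.51.100.20
2019-06-14T10:00:00Z auth: FAIL user=ceo src=192.0.2.9
2019-06-14T10:00:20Z auth: FAIL user=ceo src=192.0.2.9
2019-06-14T10:00:40Z auth: FAIL user=ceo src=192.0.2.9
2019-06-14T10:01:00Z auth: OK user=ceo src=192.0.2.9
2019-06-14T11:00:00Z auth: FAIL user=heidi src=198.51.100.30
2019-06-14T11:00:15Z auth: OK user=heidi src=198.51.100.30
"""

# Assumed line format: "<iso-ts>Z auth: OK|FAIL user=<name> src=<ip>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth: (?P<result>OK|FAIL) user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse(lines):
    """Turn raw lines into (timestamp, success, user, src) tuples, oldest first."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not an auth event in the assumed format; skip it
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m["result"] == "OK", m["user"], m["src"]))
    events.sort(key=lambda e: e[0])
    return events


def detect(events, window=timedelta(minutes=10), spray_users=5, brute_fails=3):
    """Flag successful logins that follow a suspicious failure pattern.

    password_spray: the same source failed against >= spray_users distinct
                    accounts inside `window`, then got a success for any account.
    brute_force:    the account itself failed >= brute_fails times inside
                    `window` (from any source), then succeeded.
    Returns a list of (kind, src, user, iso_timestamp). Thresholds are assumptions.
    """
    src_fail = defaultdict(deque)   # src -> deque of (ts, user) failures
    user_fail = defaultdict(deque)  # user -> deque of failure timestamps
    alerts = []
    for ts, ok, user, src in events:
        cutoff = ts - window
        sq, uq = src_fail[src], user_fail[user]
        while sq and sq[0][0] < cutoff:   # expire failures outside the window
            sq.popleft()
        while uq and uq[0] < cutoff:
            uq.popleft()
        if not ok:
            sq.append((ts, user))
            uq.append(ts)
            continue
        # Only a success turns the failure streak into an alert.
        if len({u for _, u in sq}) >= spray_users:
            alerts.append(("password_spray", src, user, ts.isoformat()))
        if len(uq) >= brute_fails:
            alerts.append(("brute_force", src, user, ts.isoformat()))
        uq.clear()  # a success resets the per-account failure streak
    return alerts


def run_sample():
    """Run the detector over the constructed sample log."""
    return detect(parse(SAMPLE_LOG.splitlines()))


if __name__ == "__main__":
    for alert in run_sample():
        print(*alert)
```

Run it and it reports two alerts: the spray from 203.0.113.5 that finally landed on frank, and the brute force of ceo. grace's three failures an hour earlier have aged out of the window, and heidi's single typo is below the threshold, so neither fires. Alerting on the success rather than on the failures is deliberate: failures are noise in any real environment, but a success that follows them is exactly the "just log in" the report is describing, and it hands you the account and source to go look at.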

My takeaways

  1. If you stay up on security news there weren’t too many surprises, but the data backing continues to be exemplary
  2. Protect your VIPs (including executives)
  3. With 1/3 of attacks involving internal actors, and 15% involving misuse by authorized users, they make a pretty strong push for monitoring insiders (also known as employees)
  4. Errors were involved in 21% of attacks, which is still extremely high. Do your best to avoid own-goals

Overall, another solid release. Well done to the team.

And it really is worth taking the time to at least skim the full report.

—
Become a direct supporter of my content for less than a latte a month ($50/year) and get the Unsupervised Learning podcast and newsletter every week instead of just twice a month, plus access to the member portal that includes all member content.

Daniel Miessler
