Verizon 2014 Data Breach Report

Published: 2014-05-04. Last Updated: 2014-05-04 00:29:31 UTC
by Guy Bruneau (Version: 1)
2 comment(s)

Verizon have released their 2014 Data Breach Report which is classified in 9 attack patterns, each have their own section grouped by industries. Their 60 pages reports provides some interesting statistics that are well illustrated, for example: servers are still the primary target because actors know that is where the data is likely to be. This isn't really a surprise that "They plainly show that attackers are getting better/faster at what they do at a higher rate than defenders are improving their trade."[3]

The report can be downloaded here.

[1] http://www.verizonenterprise.com/DBIR/2014/
[2] http://www.verizonenterprise.com/DBIR/gfx/chart.png
[3] http://www.verizonenterprise.com/DBIR/2014/reports/rp_Verizon-DBIR-2014_en_xg.pdf

-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu

Keywords:
2 comment(s)

Comments

Interesting, a company that colludes with others to get data is writing about it? Hummm So who is monitoring the monitor? I will use the "onion" when visiting their site or other means to block their "widgets and beacons"


[quote]Debra Lewis, a Verizon Wireless spokeswoman, explained to me that when a customer registers on the company's "My Verizon" website to see a bill or watch TV online, a "cookie," or tracking software, is downloaded onto the customer's home computer.

Most cookies are benign, allowing websites to provide better service to frequent visitors.

[quote]Verizon Wireless' cookie allows a data-collection company working on Verizon's behalf — Lewis declined to name which one — to gather information on which sites you visit after you leave "My Verizon."[/quote]

That information is "anonymized," Lewis said, to mask the Verizon customer's identity and is then shared with marketers, which can use the info to provide ads on the customer's Verizon Wireless device that match his or her home-computer interests.[/quote]
It's cool that they reference the SANS Critical Security Controls! Page 50

Diary Archives