DOCSLIB.ORG

Verizon's 2012 Data Breach Investigations Report (DBIR)

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Verizon's 2012 Data Breach Investigations Report (DBIR) VGhhbmsgeW91IGZvciBwYXJ0aWNpcGF0aW5nIGluIHRoZSAyMDEyIFZlcml6b24gREJJUiBDb3Zl ciBDaGFsbGVuZ2UuCldlIGhvcGUgeW91IGVuam95IHRoaXMgY2hhbGxlbmdlIGFzIG11Y2ggYXMg d2UgaGF2ZSBlbmpveWVkIGNyZWF0aW5nIGl0LiAgCgoKVGhlcmUgb25jZSB3YXMgYSBsYWR5IGZy b20gTmFudHVja2V0LApXaXRoIHRleHQgc28gd2lkZSB3ZSBjb3VsZCBncm9rIGl0Lgp3ZSBjaG9w cGVkIGFuZCBzbGljZWQgaXQgYWxsIGRheSBsb25nLApPbmx5IHRvIGZpbmQgc2hlIHdhc27igJl0 IGFsbCB3cm9uZy4KCldpdGggc2tpbGwgYW5kIGVhc2Ugd2UgYmF0dGxlZCB0aGlzIGZpZ2h0LApF eGNlcHQgc2hlIHdhcyBub3QgdG90YWxseSByaWdodC4KVHdpc3RpbmcgYW5kIHR1cm5pbmcgd2Ug a2VwdCBvbiBzdHJvbmcsCldlIHNob3VsZCBoYXZlIGJlZW4gc2luZ2luZyBhbGwgYWxvbmc6CgpN YXJ5IGhhZCBhIGxpdHRsZSBsYW1iLApsaXR0bGUgbGFtYiwgbGl0dGxlIGxhbWIsCk1hcnkgaGFk IGEgbGl0dGxlIGxhbWIsCndob3NlIGZsZWVjZSB3YXMgd2hpdGUgYXMgc25vdy4KCkFuZCBldmVy eXdoZXJlIHRoYXQgTWFyeSB3ZW50LApNYXJ5IHdlbnQsIE1hcnkgd2VudCwKYW5kIGV2ZXJ5d2hl cmUgdGhhdCBNYXJ5IHdlbnQsCnRoZSBsYW1iIHdhcyBzdXJlIHRvIGdvLgoKSXQgZm9sbG93ZWQg aGVyIHRvIHNjaG9vbCBvbmUgZGF5CnNjaG9vbCBvbmUgZGF5LCBzY2hvb2wgb25lIGRheSwKSXQg Zm9sbG93ZWQgaGVyIHRvIHNjaG9vbCBvbmUgZGF5LAp3aGljaCB3YXMgYWdhaW5zdCB0aGUgcnVs ZXMuCgpJdCBtYWRlIHRoZSBjaGlsZHJlbiBsYXVnaCBhbmQgcGxheSwKbGF1Z2ggYW5kIHBsYXks IGxhdWdoIGFuZCBwbGF5LAppdCBtYWRlIHRoZSBjaGlsZHJlbiBsYXVnaCBhbmQgcGxheQp0byBz ZWUgYSBsYW1iIGF0IHNjaG9vbC4KCkFuZCBzbyB0aGUgdGVhY2hlciB0dXJuZWQgaXQgb3V0LAp0 dXJuZWQgaXQgb3V0LCB0dXJuZWQgaXQgb3V0LApBbmQgc28gdGhlIHRlYWNoZXIgdHVybmVkIGl0 IG91dCwKYnV0IHN0aWxsIGl0IGxpbmdlcmVkIG5lYXIsCgpBbmQgd2FpdGVkIHBhdGllbnRseSBh Ym91dCwKcGF0aWVudGx5IGFib3V0LCBwYXRpZW50bHkgYWJvdXQsCkFuZCB3OGVkIHBhdGllbnRs eSBhYm91dAp0aWxsIE1hcnkgZGlkIGFwcGVhci4KCiJXaHkgZG9lcyB0aGUgbGFtYiBsb3ZlIE1h cnkgc28/IgpMb3ZlIE1hcnkgc28/IExvdmUgTWFyeSBzbz8KIldoeSBkb2VzIHRoZSBsYW1iIGxv dmUgTWFyeSBzbywiCnRoZSBlYWdlciBjaGlsZHJlbiBjcnkuCgoiV2h5LCBNYXJ5IGxvdmVzIHRo ZSBsYW1iLCB5b3Uga25vdy4iClRoZSBsYW1iLCB5b3Uga25vdywgdGhlIGxhbWIsIHlvdSBrbm93 LAoiV2h5LCBNYXJ5IGxvdmVzIHRoZSBsYW1iLCB5b3Uga25vdywiCnRoZSB0ZWFjaGVyIGRpZCBy ZXBseS4KJHAK 2012 DATA BREACH INVESTIGATIONS REPORT A study conducted by the Verizon RISK Team with cooperation from the Australian Federal Police, Dutch National High Tech Crime Unit, Irish Reporting and Information Security Service, Police Central e-Crime Unit, and United States Secret Service. 2012 DATA BREACH INVESTIGATIONS REPORT TABLE OF CONTENTS Executive Summary .................................................................................................2 Methodology ........................................................................................................5 Classifying Incidents Using VERIS ...............................................................................6 A Word on Sample Bias ...........................................................................................8 Results and Analysis.................................................................................................9 Demographics ...................................................................................................10 2011 DBIR: Threat Event Overview .............................................................................13 Threat Agents ...................................................................................................16 Breach Size by Threat Agents...............................................................................18 External Agents (98% of breaches, 99+% of records) .....................................................19 Internal Agents (4% of breaches, <1% of records) .........................................................21 Partner Agents (<1% of breaches, <1% of records) ........................................................22 Threat Actions ...................................................................................................23 Malware (69% of breaches, 95% of records) ..............................................................26 Hacking (81% of breaches, 99% of records) ...............................................................30 Social (7% of breaches, 37% of records)...................................................................33 Misuse (5% of breaches, <1% of records) ..................................................................35 Physical (10% of breaches, <1% of records) ...............................................................36 Error (<1% of breaches, <1% of records) ...................................................................37 Environmental (0% of breaches, 0% of records)...........................................................38 Compromised Assets............................................................................................38 Compromised Data ..............................................................................................41 Attack Difficulty.................................................................................................45 Attack Targeting.................................................................................................47 Timespan of Events..............................................................................................48 Breach Discovery Methods......................................................................................51 Anti-Forensics . .55 PCI DSS ..........................................................................................................56 The Impact of Data Breaches....................................................................................58 2012 DBIR: Conclusions and Recommendations...................................................................61 Appendix A: Examining relationships among threat actions.......................................................67 Appendix B: A USSS case study of large-scale “industrialized” cybercrime.......................................72 About the 2012 DBIR Contributors ................................................................................74 Verizon RISK Team...............................................................................................74 Australian Federal Police........................................................................................74 Dutch National High Tech Crime Unit............................................................................74 Irish Reporting & Information Security Service.................................................................75 Police Central e-Crime Unit......................................................................................75 United States Secret Service ...................................................................................76 For additional updates and commentary, please visit verizon.com/enterprise/securityblog EXECUTIVE SUMMARY 2011 will almost certainly go down as a year of civil and cultural uprising. Citizens revolted, challenged, and even overthrew their governments in a domino effect that has since been coined the “Arab Spring,” though it stretched beyond a single season. Those disgruntled by what they perceived as the wealth-mongering “1%” occupied Wall Street along with other cities and venues across the globe. There is no shortage of other examples. This unrest that so typified 2011 was not, however, constrained to the physical world. The online world was rife with the clashing of ideals, taking the form of activism, protests, retaliation, and pranks. While these activities encompassed more than data breaches (e.g., DDoS attacks), the theft of corporate and personal information was This re-imagined and re-invigorated certainly a core tactic. This re-imagined and re-invigorated specter of “hacktivism” rose to haunt specter of “hacktivism” rose to haunt organizations around organizations around the world. the world. Many, troubled by the shadowy nature of its origins and proclivity to embarrass victims, found this trend more frightening than other threats, whether real or imagined. Doubly concerning for many organizations and executives was that target selection by these groups didn’t follow the logical lines of who has money and/or valuable information. Enemies are even scarier when you can’t predict their behavior. It wasn’t all protest and lulz, however. Mainline cybercriminals continued to automate and streamline their method du jour of high-volume, low-risk attacks against weaker targets. Much less frequent, but arguably more damaging, were continued attacks targeting trade secrets, classified information, and other intellectual property. We certainly encountered many faces, varied tactics, and diverse motives in the past year, and in many ways, the 2012 Data Breach Investigations Report (DBIR) is a recounting of the many facets of corporate data theft. 855 incidents, 174 million compromised records. This year our DBIR includes more incidents, derived from more contributors, and represents a broader and more diverse geographical scope. The number of compromised records across these incidents skyrocketed back up to 174 million after reaching an all-time low (or high, depending on your point of view) in last year’s report of four million. In fact, 2011 boasts the second-highest data loss total since we started keeping track in 2004. Once again, we are proud to announce that the United States Secret Service (USSS) and the Dutch National High Tech Crime Unit (NHTCU) have joined us for this year’s report. We also It wasn’t all protest and welcome the Australian Federal Police (AFP), the Irish Reporting & lulz, however. Mainline Information Security Service (IRISSCERT), and the Police Central cybercriminals continued to e-Crime Unit (PCeU) of the London Metropolitan
Load more

Recommended publications
  • An Introduction to Cybersecurity Ethics MODULE AUTHOR: Shannon Vallor, Ph.D
    An Introduction to Cybersecurity Ethics MODULE AUTHOR: Shannon Vallor, Ph.D. William J. Rewak, S.J. Professor of Philosophy, Santa Clara University TABLE OF CONTENTS Introduction 2-6 PART ONE: What are the important ethical issues in cybersecurity? 7-12 Case Study 1 13-15 PART TWO: Common ethical challenges for cybersecurity professionals 15-21 Case Study 2 21-24 Case Study 3 24-28 PART THREE: What are cybersecurity professionals’ obligations to the public? 29-34 Case Study 4 34-38 PART FOUR: What ethical frameworks can guide cybersecurity practice? 38-47 PART FIVE: What are ethical best practices in cybersecurity? 48-56 Case Study 5 57-60 Case Study 6 60-61 APPENDIX A: Relevant Professional Ethics Codes & Guidelines (Links) 62 APPENDIX B: Bibliography/Further Reading 63-65 1 An Introduction to Cybersecurity Ethics MODULE AUTHOR: Shannon Vallor, Ph.D. William J. Rewak, S.J. Professor of Philosophy, Santa Clara University 1. What do we mean when we talk about ‘ethics’? Ethics in the broadest sense refers to the concern that humans have always had for figuring out how best to live. The philosopher Socrates is quoted as saying in 399 B.C. that “the most important thing is not life, but the good life.”1 We would all like to avoid a bad life, one that is shameful and sad, fundamentally lacking in worthy achievements, unredeemed by love, kindness, beauty, friendship, courage, honor, joy, or grace. Yet what is the best way to obtain the opposite of this – a life that is not only acceptable, but even excellent and worthy of admiration? How do we identify a good life, one worth choosing from among all the different ways of living that lay open to us? This is the question that the study of ethics attempts to answer.
    [Show full text]
  • Report on Review of Contract Law: Formation, Interpretation, Remedies for Breach, and Penalty Clauses
    (SCOT LAW COM No 252) Report on Review of Contract Law: Formation, Interpretation, Remedies for Breach, and Penalty Clauses report Report on Review of Contract Law: Formation, Interpretation, Remedies for Breach, and Penalty Clauses Laid before the Scottish Parliament by the Scottish Ministers under section 3(2) of the Law Commissions Act 1965 March 2018 SCOT LAW COM No 252 SG/2018/34 The Scottish Law Commission was set up by section 2 of the Law Commissions Act 1965 (as amended) for the purpose of promoting the reform of the law of Scotland. The Commissioners are: The Honourable Lord Pentland, Chairman Caroline S Drummond David E L Johnston QC Professor Hector L MacQueen Dr Andrew J M Steven. The Chief Executive of the Commission is Malcolm McMillan. Its offices are at 140 Causewayside, Edinburgh EH9 1PR. Tel: 0131 668 2131 Email: [email protected] Or via our website at https://www.scotlawcom.gov.uk/contact-us/ NOTES 1. Please note that all hyperlinks in this document were checked for accuracy at the time of final draft. 2. If you have any difficulty in reading this document, please contact us and we will do our best to assist. You may wish to note that the pdf version of this document available on our website has been tagged for accessibility. 3. © Crown copyright 2018 You may re-use this publication (excluding logos and any photographs) free of charge in any format or medium, under the terms of the Open Government Licence v3.0. To view this licence visit http://www.nationalarchives.gov.uk/doc/open-government-licence/version/3; or write to the Information Policy Team, The National Archives, Kew, Richmond, Surrey, TW9 4DU; or email [email protected].
    [Show full text]
  • Exemplar Texts for Grades
    COMMON CORE STATE STANDARDS FOR English Language Arts & Literacy in History/Social Studies, Science, and Technical Subjects _____ Appendix B: Text Exemplars and Sample Performance Tasks OREGON COMMON CORE STATE STANDARDS FOR English Language Arts & Literacy in History/Social Studies, Science, and Technical Subjects Exemplars of Reading Text Complexity, Quality, and Range & Sample Performance Tasks Related to Core Standards Selecting Text Exemplars The following text samples primarily serve to exemplify the level of complexity and quality that the Standards require all students in a given grade band to engage with. Additionally, they are suggestive of the breadth of texts that students should encounter in the text types required by the Standards. The choices should serve as useful guideposts in helping educators select texts of similar complexity, quality, and range for their own classrooms. They expressly do not represent a partial or complete reading list. The process of text selection was guided by the following criteria: Complexity. Appendix A describes in detail a three-part model of measuring text complexity based on qualitative and quantitative indices of inherent text difficulty balanced with educators’ professional judgment in matching readers and texts in light of particular tasks. In selecting texts to serve as exemplars, the work group began by soliciting contributions from teachers, educational leaders, and researchers who have experience working with students in the grades for which the texts have been selected. These contributors were asked to recommend texts that they or their colleagues have used successfully with students in a given grade band. The work group made final selections based in part on whether qualitative and quantitative measures indicated that the recommended texts were of sufficient complexity for the grade band.
    [Show full text]
  • The Top 20 Cyberattacks on Industrial Control Systems
    THE TOP 20 CYBERATTACKS on Industrial Control Systems Andrew Ginter, VP Industrial Security, Waterfall Security Solutions Version 1.1, May 2018 Copyright 2018 Waterfall Security Solutions LTD. All rights reserved. Proprietary and Confidential CONTENTS EXECUTIVE SUMMARY ........................................................................... 2 INTRODUCTION ....................................................................................... 4 THE TOP 20 ATTACKS ............................................................................ 5 WATER TREATMENT SYSTEM EXAMPLE .......................................... 17 ATTACK EVALUATION .......................................................................... 18 IMPROVING ICS SECURITY .................................................................. 22 UPDATED ATTACK EVALUATION ....................................................... 23 SUMMARY .............................................................................................. 27 ABOUT WATERFALL SECURITY SOLUTIONS ................................... 28 EXECUTIVE SUMMARY No industrial operation is free of risk, and different industrial enterprises may legitimately have different “appetites” for certain types of risks. Evaluating cyber risk in industrial control system (ICS) networks is difficult, considering their complex nature. For example, an evaluation can consider explicitly or implicitly up to hundreds of millions of branches of a complex attack tree modelling attack interactions with cyber, physical, safety and protection
    [Show full text]
  • Songwriter-Music Publisher Agreements and Disagreements, 18 Hastings Comm
    Hastings Communications and Entertainment Law Journal Volume 18 | Number 1 Article 3 1-1-1995 Everything That Glitters Is Not Gold: Songwriter- Music Publisher Agreements and Disagreements Don E. Tomlinson Follow this and additional works at: https://repository.uchastings.edu/ hastings_comm_ent_law_journal Part of the Communications Law Commons, Entertainment, Arts, and Sports Law Commons, and the Intellectual Property Law Commons Recommended Citation Don E. Tomlinson, Everything That Glitters Is Not Gold: Songwriter-Music Publisher Agreements and Disagreements, 18 Hastings Comm. & Ent. L.J. 85 (1995). Available at: https://repository.uchastings.edu/hastings_comm_ent_law_journal/vol18/iss1/3 This Article is brought to you for free and open access by the Law Journals at UC Hastings Scholarship Repository. It has been accepted for inclusion in Hastings Communications and Entertainment Law Journal by an authorized editor of UC Hastings Scholarship Repository. For more information, please contact [email protected]. Everything That Glitters Is Not Gold:* Songwriter-Music Publisher Agreements and Disagreements by DON E. TOMLINSON** Table of Contents I. Introduction ............................................ 87 A. The Fundamental Songwriting-Music Publishing Quid Pro Quo ...................................... 88 1. Advances Against Royalties .................... 88 2. Demonstration Recordings ..................... 89 3. Exploitation .................................... 90 4. "H it" Songs ..................................... 90 B. The
    [Show full text]
  • * * * CLEAN AIR ACT TITLE V OPERATING PERMIT for Deseret
    * * * CLEAN AIR ACT TITLE V OPERATING PERMIT for Deseret Power Electric Cooperative Bonanza Power Plant UINTAH AND OURAY RESERVATION (UTE TRIBE) Utah Public Hearings Held at: Utah Uintah & Ouray Reservation Ute Tribal Office - Auditorium 6964 East 1000 East Fort Duchesne, Utah 3 June 2014 1:00 P.M. to 4:00 P.M. JUDGE ELAYNA SUTIN, Hearing Officer DEIRDRE ROTHERY, Air Permitting, Monitoring,and Modeling, Unit Chief * * * Debra A. Dibble; RDR, CRR, CBC, CCP, SCC U.S. EPA Public Hearing * 3 June 2014 * 1:00 p.m. to 4:00 p.m. 1 P R O C E E D I N G S 2 JUDGE SUTIN: Good afternoon, everyone. 13:01:52 3 We'll get started in a few minutes. 13:01:56 4 There's still some people coming in, so I 13:01:58 5 want to give everybody the opportunity to sign in and 13:02:01 6 we'll get started in maybe five minutes or so. 13:02:04 7 (Whereupon, a break was taken.) 13:02:09 8 JUDGE SUTIN: If you walked in at the 13:03:16 9 registration table, there were no cards. There are 13:03:20 10 some cards now. 13:03:23 11 So if anybody wishes to speak, please sign 13:03:24 12 in so that we know to call your name. 13:03:27 13 And even if you don't want to speak, if you 13:03:30 14 could sign the card, just so that we know you were here 13:03:33 15 in attendance, that would be really helpful.
    [Show full text]
  • View Full Catalog of Encoded Compatible Content
    D-BOX HOME ENTERTAINEMENT IMMERSIVE EXPERIENCES (Hold the Ctrl keyboard key and press the F (Ctrl+F) to search for a specific movie) HaptiCode Release Date RECENTLY ADDED (Year-Month-Day) Star Wars: The Bad Batch - 1st Season EP11 2021-07-09 Black Widow 2021-07-09 Lupin 1st Season EP 6,7 2021-07-07 Loki 1st Season EP 4 2021-07-06 Ace Venture - When Nature Calls 2021-07-06 Ace Ventura - Pet Detective 2021-07-06 Star Wars: The Bad Batch - 1st Season EP10 2021-07-02 Lupin 1st Season EP 4,5 2021-06-30 Loki 1st Season EP 3 2021-06-29 Star Wars: The Bad Batch - 1st Season EP9 2021-06-25 Always 2021-06-23 Lupin 1st Season EP 2,3 2021-06-23 Loki 1st Season EP 2 2021-06-22 Jack Ryan - 2nd Season EP 7,8 2021-06-22 Star Wars: The Bad Batch - 1st Season EP8 2021-06-18 Astérix - The Mansion of the Gods 2021-06-17 Lupin 1st Season EP 1 2021-06-16 Wandavision 1st Season EP 9 2021-06-16 Loki 1st Season EP 1 2021-06-15 Jack Ryan - 2nd Season EP 5,6 2021-06-15 Star Wars: The Bad Batch - 1st Season EP7 2021-06-11 In the Heights 2021-06-11 Wandavision 1st Season EP 7,8 2021-06-09 Jack Ryan - 2nd Season EP 3,4 2021-06-08 Star Wars: The Bad Batch - 1st Season EP6 2021-04-06 Conjuring : The Devil Made Me Do It 2021-06-04 Wandavision 1st Season EP 5,6 2021-06-02 Jack Ryan - 2nd Season EP 1,2 2021-06-01 Star Wars: The Bad Batch - 1st Season EP5 2021-05-28 Cruella 2021-05-28 Star Wars: The Clone Wars S07 EP 9,10,11,12 2021-05-27 Wandavision 1st Season EP 3,4 2021-05-26 Get Him to the Greek 2021-05-25 Jack Ryan 1st Season EP 7,8 2021-05-25 Star Wars: The Bad Batch
    [Show full text]
  • ENERGY MASTERMIX - Playlists Vom 23.07.2021
    ENERGY MASTERMIX - Playlists vom 23.07.2021 DOMINIK KOISLMEYER Keine Playlist vorhanden FLIP CAPELLA 1. Calvin Harris Ft. Tom Grennan - By Your Side (Felix Jaehn Remix) 2. Calvin Harris Ft. Tom Grennan X Curbi - By Your Side X Air (Flip Capella Smash) 3. Dino Warriors, Polina Grace, Sound Of Legend - 2 Times (Dimitri Vegas Edit) 4. Tungevaag - Ride With Me (feat. Kid Ink) [Retrovision Remix) 5. Ed Sheeran X Wulflock - Bad Habits X High Class (Flip Capella Smash) 6. LANNÉ & Averro - Be Your Man 7. Surev - Bitter Sweet Symphony 8. Flip Capella X Crystal Rock - Wannabe 9. Chris Lorenzo feat The Streets - Take Me As I Am (Holy Goof Remix) 10. Akon X Chris Lorenzo, The Streets X Holy Goof - Smack That X Take Me As I Am (Flip Capella Smash) 11. Kygo, OneRepublic - Lose Somebody (Galactixx Bootleg) 12. Mike Candys - Cha Cha Cha 13. Nicky Minaj X Tujamo - Starships X Drop It (Flip Capella Smash) 14. Mattafix X Kuba & Neitan - Big City Life X Helicopter (Flip Capella Smash) 15. Sean Paul & Dua Lipa X Atrip X Tujamo - No Lie X Skanker X Keep Pushin (Flip Capella Smash) 16. Katy Perry X DNF - Dark Horse X Move Your Body (Flip Capella Smash) 17. Jonas Blue X Ummet Ozcan - Mama X Higher (Flip Capella Smash) 18. Dual Beat feat. Orito Cantora - Bullerengue 19. Linkin Park & Steve Aoki X Headhunterz - A Light That Never Comes X Live Your Life (Flip Capella Smash) 20. Daft Punk X R3hab - Technologic X Out Of Mind (Flip Capella Smash) 21. Bodybangers, Stephen Oaks, Just Mike - Quit Playing Games (With My Heart) 22.
    [Show full text]
  • SONG ENDS] – Why Movie and Television Producers Should Stop Using Copyright As an Excuse Not to Caption Song Lyrics
    UCLA UCLA Entertainment Law Review Title [SONG ENDS] – Why Movie and Television Producers Should Stop Using Copyright as an Excuse Not to Caption Song Lyrics Permalink https://escholarship.org/uc/item/4bd4n43d Journal UCLA Entertainment Law Review, 22(2) ISSN 1073-2896 Author Stanton, John F. Publication Date 2015 DOI 10.5070/LR8222027684 Peer reviewed eScholarship.org Powered by the California Digital Library University of California [SONG ENDS] – Why Movie and Television Producers Should Stop Using Copyright as an Excuse Not to Caption Song Lyrics John F. Stanton* INTRODUCTION ����������������������������������������������������������������������������������������������������������157 I. THE NATURE OF THE PROBLEM ���������������������������������������������������������������������������159 II. HISTORICAL AND LEGAL BACKGROUND TO CAPTIONING ����������������������������������������163 A. Basic Captioning Explanations ���������������������������������������������������������������163 B. The Inaccessibility Issue ..........................................................................164 C. Legal and Technological Improvements Boost Captioning Access .........166 D. The Right to Captioned Song Lyrics ........................................................170 III. LEGAL BACKGROUND TO COPYRIGHT ������������������������������������������������������������������172 A. General Principles ...................................................................................172 B. The Fair Use Defense ..............................................................................173
    [Show full text]
  • 2020 Data Breach Investigations Report DBIR Cheat Sheet 5 Summary Introduction of Findings
    DBIR 2020 Data Breach 2020 Investigations Report 3,950 breaches That is what you are seeing. Each of these squares is organized by the 16 different industries and four world regions we cover in this year’s report. Each square represents roughly one breach (1.04 to be more exact), for a total of 4,675 squares since breaches can be displayed in both their industry and region. We also analyzed a record total of 157,525 incidents, 32,002 of which met our quality standards. The data coverage this year is so comprehensive that it shines through the monochromatic front cover, reinforcing the mission of the DBIR as being a data-driven resource. Turn the page to dig into the findings. Table of contents 01 03 05 DBIR Cheat sheet 4 Industry analysis 40 Regional analysis 86 Introduction 6 Accommodation and Food Northern America (NA) 90 Services (NAICS 72) 46 Summary of findings 7 Europe, Middle East and Africa (EMEA) 94 Arts, Entertainment and Recreation (NAICS 71) 48 Asia Pacific (APAC) 97 Construction (NAICS 23) 50 Latin America and the Caribbean (LAC) 101 02 Educational Services (NAICS 61) 52 Financial and Insurance (NAICS 52) 54 Results and analysis 8 Healthcare (NAICS 62) 56 06 Actors 11 Information (NAICS 51) 59 Actions 13 Manufacturing (NAICS 31–33) 61 Wrap-up 104 Threat action varieties 14 Mining, Quarrying, and Oil & Gas CIS Control recommendations 106 Extraction + Utilities Error 15 Year in review (NAICS 21 + NAICS 22) 64 109 Malware 16 Other Services (NAICS 81) 66 Ransomware 17 Professional, Scientific and Hacking 20 Technical Services (NAICS
    [Show full text]
  • A Lullaby Under the Golden African Skies! the Lion King
    YOUR IN-FLIGHT ENTERTAINMENT PLANNER TO A FULFILLED AND RELAXED FLIGHT DECEMBER 2019 #ISSUE12 A LULLABY UNDER THE GOLDEN AFRICAN SKIES! THE LION KING. BE ENTERTAINED IN THE DECEMBER ISSUE CONTENTS 3. December Highlights 4. Interview 6. New Releases 9. African Choice 12. Kids’ Collection 13. Worldwide 14. Asian Collection 15. TV Series 16. TV Features 04 17. Music 18. Radio Features 19. Audio On Demand 20. Remotes 23. Games 09 06 12 South African Airways is proud to offer it’s passengers a wide selection of movies, TV programmes and music tunes to keep you entertained through-out your flight. It’s jingle bells and presents all around the globe as the festivities are under way. Christmas is a time of giving and being with your loved ones as you wait to usher in the new year as the count down for new beginnings begins. Here at SAA we have just the right mix of entertainment to keep you and your family entertained as you jet off to your next destination or heading home to spend time with your family. Young or old, you will enjoy the latest comedy shows and fun kids programming, while for the more discerning tastes, we offer a fine variety of Wildlife, Business and Sport reports with a mix of our Worldwide and Asian titles. Besides the latest Blockbusters and old favourites, We invite you to sit back and relax while we take care of everything else including bringing the festive light to life. AIRSCAPE | 2 DECEMBER HIGHLIGHTS The official fun is in full swing as December is when we close the calendar and gear up for the new year.
    [Show full text]
  • 2011 Data Breach Investigations Report
    2011 Data Breach Investigations Report AUTHORS: TABLE OF CONTENTS Wade Baker Executive Summary ...............................................................2 Mark Goudie Year in Review, 2010 ...............................................................4 Alexander Hutton 2010 From the U.S. Secret Service Perspective ...................................6 C. David Hylender 2011 DBIR: Methodology ..........................................................7 Jelle Niemantsverdriet Verizon Data Collection Methodology...........................................7 Christopher Novak USSS Data Collection Methodology .............................................8 David Ostertag NHTCU Data Collection Methodology ...........................................8 Christopher Porter Classifying Incidents Using VERIS................................................9 Mike Rosen Turning the Incident Narrative into Metrics .....................................10 Bryan Sartin A Word on Sample Bias ........................................................11 Peter Tippett, M.D., Ph.D Results and Analysis ..............................................................11 Men and women of the Demographics ................................................................12 United States Secret Service 2010 Threat Event Overview ...................................................15 Threat Agents .................................................................17 CONTRIBUTORS: Breach Size by Threat Agents..............................................19 External agents ...........................................................20
    [Show full text]