I am quite a big fan of Verizon’s data breach investigations reports and regularly use their analysis in security discussions. Verizon has published these reports every spring since 2008, and I see them as especially valuable as they pull data from 70 contributing organizations, covering over 79’000 security incidents and over 2’100 confirmed breaches from over 60 countries.
The 2015 report was published recently (available here: 2015 Verizon DBIR) and while it isn’t exactly an easy read, I agree with Rapid7’s marketing video that credential theft is the biggest takeaway. Patching is another highlight (or rather lowlight), as is the fact that detecting breaches still takes much too long (205 days). The latter is something that I can confirm from the experiences of our incident response and recovery teams, and it is very worrying to think what attackers can do with that much time inside an ICT infrastructure.
On the patching topic: a colleague of mine, James Kavanagh, the National Security Officer of Microsoft Australia, wrote a good blog post, “If you do only one thing to reduce your cybersecurity risk…”, that I recommend reading. Further information is available in the report “Security Patching in Complex Environments”.
Below is Rapid7’s video with highlights from the Verizon DBIR.
We are currently receiving increased feedback from Microsoft customers about calls they receive from – supposedly – Microsoft support. The caller claims to be a Microsoft representative or to be working for a Microsoft partner. The usual call goes about as follows: