I'm going to live-tweet my observations about the 2016 Verizon DBIR as I read it. Judging by past years, it won't be pretty.
-
-
Good luck finding payment card skimmers using stolen creds while you're dealing with all these "misc errors"pic.twitter.com/bvQDmkF8of
-
Then why didn't you organize this damn report to match the 9 patterns you *finally* figured out in 2014!?pic.twitter.com/IOmW7YzxHl
-
How am I supposed to interpret ANY of this data if it's not mapped to a threat group or attack pattern? Useless.pic.twitter.com/A7KH4Y0gBp
-
This graph is clearly garbage in / garbage out. They even acknowledge it in the accompanying text. Hilarious.pic.twitter.com/V9ea2gItlM
-
If you use a credit card at a hotel, casino, or retail store, congratulations, it's fucking gone.pic.twitter.com/TtZftmYWUJ
-
This graph appears on page 23, and it's the first real useful one so far. Let's see what else we can read into from it.
-
Everyone is looking at everyone's health records in the healthcare industry.
-
Cyberespionage is HUGE is manufacturing (outside the obvious professional and government industries)
-
Education and Government literally can't even. They both lead in the miscellaneous errors category by a mile. Good luck dudes!
-
Webapps are getting clobbered across the board. No one can deprecate old PHP apps fast enough apparently. LFI/RFI/etc rule.
-
Webapps, so easy to hack that everyone does it for fun. FIG being a useless acronym for "I felt like it, that's why"pic.twitter.com/xRJCluax3n
-
No. Stop. None of that works. The only good answer is "Buy an iPad POS."pic.twitter.com/L0ERLwVozm
-
Ffs go buy an iPad POS! "Malware is the workhorse of POS breaches" Good luck getting any on an immutable filesystem.pic.twitter.com/iMdWS0EkMo
-
get your shit together. get it all together and put it in a backpack, all your shit. so it's together.pic.twitter.com/tEmrRAxpEa
-
Rick and Morty is required watching for infosec teams now, get with it. https://www.youtube.com/watch?v=xIAfCupuZ3w …
-
Probably the saddest graph in the DBIR. I accidentally the publish button too sometimes. *hugs*pic.twitter.com/yEo1tM7vRQ
-
Nope. Just nope. Chromebooks. Cloud data. Useless client devices. Those are the answers for lost/stolen devices.pic.twitter.com/4ddfZ2tHgo
-
Again with C2 being its own category! What the hell Verizon? How does this make sense?pic.twitter.com/7QV7Qd2Wm9
-
Completely lost on Verizon: Any notion of sandboxing or browser versions. Real problems for attackers!pic.twitter.com/4xf4naV5eg
-
It's 2016, nearly all malware is built to order just for you. But keep sharing those MD5s. Info sharing rah rah!pic.twitter.com/xhTpnRGrQ0
-
Verizon missing the boat on useful controls again. Recommended reaction to 99% unique malware: immutability.pic.twitter.com/vbyFvT6m1N
-
Lots of the data in the last third of this report is not very interesting. Espionage campaigns use phishing you say?pic.twitter.com/GOM5T5YANA
-
The usefulness of this graph sums up how I feel about the entire "everything else" sectionpic.twitter.com/vpxpwqfqfU
-
I feel like I know this graph from somewhere, but I can't quite put my finger on it... "death links"? no...pic.twitter.com/JeoT5WBf1K
-
The reason you keep getting free credit monitoring is because that's basically the only thing insurance pays forpic.twitter.com/4yEFqERbTW
-
Either all the credit cards have already been stolen or fraud monitoring is getting really good (probably both)pic.twitter.com/Wlef1VgEZV
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.