Do we not understand that counting vulnerabilities without context is useless? Verizon organized their data into attack patterns, c'mon.
This graph appears on page 23, and it's the first real useful one so far. Let's see what else we can read into from it.
-
Everyone is looking at everyone's health records in the healthcare industry.
-
Cyberespionage is HUGE in manufacturing (outside the obvious professional and government industries)
-
Education and Government literally can't even. They both lead in the miscellaneous errors category by a mile. Good luck dudes!
-
Webapps are getting clobbered across the board. No one can deprecate old PHP apps fast enough apparently. LFI/RFI/etc rule.
-
Webapps, so easy to hack that everyone does it for fun. FIG being a useless acronym for "I felt like it, that's why" pic.twitter.com/xRJCluax3n
-
No. Stop. None of that works. The only good answer is "Buy an iPad POS." pic.twitter.com/L0ERLwVozm
-
Ffs go buy an iPad POS! "Malware is the workhorse of POS breaches" Good luck getting any on an immutable filesystem. pic.twitter.com/iMdWS0EkMo
-
get your shit together. get it all together and put it in a backpack, all your shit. so it's together. pic.twitter.com/tEmrRAxpEa
-
Rick and Morty is required watching for infosec teams now, get with it. https://www.youtube.com/watch?v=xIAfCupuZ3w …
-
Probably the saddest graph in the DBIR. I accidentally the publish button too sometimes. *hugs* pic.twitter.com/yEo1tM7vRQ
-
Nope. Just nope. Chromebooks. Cloud data. Useless client devices. Those are the answers for lost/stolen devices. pic.twitter.com/4ddfZ2tHgo
-
Again with C2 being its own category! What the hell Verizon? How does this make sense? pic.twitter.com/7QV7Qd2Wm9
-
Completely lost on Verizon: Any notion of sandboxing or browser versions. Real problems for attackers! pic.twitter.com/4xf4naV5eg
-
It's 2016, nearly all malware is built to order just for you. But keep sharing those MD5s. Info sharing rah rah! pic.twitter.com/xhTpnRGrQ0
-
Verizon missing the boat on useful controls again. Recommended reaction to 99% unique malware: immutability. pic.twitter.com/vbyFvT6m1N
-
Lots of the data in the last third of this report is not very interesting. Espionage campaigns use phishing you say? pic.twitter.com/GOM5T5YANA
-
The usefulness of this graph sums up how I feel about the entire "everything else" section pic.twitter.com/vpxpwqfqfU
-
I feel like I know this graph from somewhere, but I can't quite put my finger on it... "death links"? no... pic.twitter.com/JeoT5WBf1K
-
The reason you keep getting free credit monitoring is because that's basically the only thing insurance pays for pic.twitter.com/4yEFqERbTW
-
Either all the credit cards have already been stolen or fraud monitoring is getting really good (probably both) pic.twitter.com/Wlef1VgEZV