I'm going to live-tweet my observations about the 2016 Verizon DBIR as I read it. Judging by past years, it won't be pretty.
I generally think the analysis in the DBIR is poor and it assists in misleading enterprise defenders. Without further ado, here we go!
Oh cool, companies are getting worse at detecting breaches over time. This is my favorite graph every year. pic.twitter.com/UjPxhMvgRH
This is a stupid graph and Verizon should feel bad for letting Kenna Security put it in their report. pic.twitter.com/v9Hs7CC9Kg
Do we not understand that counting vulnerabilities without context is useless? Verizon organized their data into attack patterns, c'mon.
Phishing education continues to be a mostly worthless pursuit. 30% of all emails opened, median time to click ~4m. pic.twitter.com/0mXYqHSFrg
@dguido For classic phishing: how effective are password managers? How effective is it to teach people how and when to read the URL bar?
@dguido For malware phishing: why was their shit so out of date that opening a PDF got them owned? That's on the vendor, OS/distro, and IT.
@jruderman 100% agree, I even built a [failed] product based on that premise. Training is an easier pill to swallow. https://web.archive.org/web/20141015211623/https://www.javelinsecurity.com/ …