Verizon report details 16 shocking breaches from the victim’s unique point of view
Verizon released the 2017 version of its Data Breach Digest, and it is a really entertaining read about a really scary topic. They outline 16 breach scenarios and tell each as a story from the perspective of an impacted victim.
Examples include a CIO who unknowingly “approved” fraudulent wire transfers, a university IT director whose vending machines were part of an IoT botnet that took down the campus networks, and an internal investigator who discovered his network’s compromise was due to contracted janitorial workers with malware-loaded USB devices.
The scenarios are based on actual cases worked by the Verizon RISK Team, though the organizations involved are not named. “These scenarios draw from real-world cyber security incident investigations. To protect victim anonymity, we modified certain details and took some creative license in writing the scenario narratives,” explains the report.
It reads like a bunch of short espionage stories and is really quite fun. Broken into four breach categories (human element, conduit devices, configuration exploitation and malicious software), the scenarios carry spy novel-style names like the Secret Squirrel, the Indigent Mole and Acumulus Datum. The audience for the piece is certainly IT types, but the presentation style should help ensure the important message is consumable by non-techie enterprise decision makers as well.
They even have “attack and defend cards” for each scenario to let users further explore precautions relevant to their specific environment and organization.
The Data Breach Digest is a companion to Verizon’s annual Data Breach Investigations Report. That annual publication provides an overview of “statistics, metrics and insight into the who, what, where, when and how of data breaches and cyber security incidents.” The Digest supplements the stat-laden report by attempting to bring breaches to life through narratives told by breach responders.