NOTE: These gray boxes are 12 grids guide

• Use these boxes as a guideline to place your content

• They won’t show on the slide show mode

2017 Data Breach Investigations Report Are you gambling with your future?

Nicolas Villatte

EMEA Labs Manager

VTRAC Labs | Verizon Threat Research Advisory Center

PTE16945

Confidential and proprietary materials for authorized Verizon personnel and outside agencies only.

Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by writ ten agreement.

NOTE: These gray boxes are 12 grids guide

• Use these boxes as a guideline to place your content

• They won’t show on the slide show mode

Proprietary statement

This document and any attached materials are the sole property of Verizon and

are not to be used by you other than to evaluate Verizon's service.

This document and any attached materials are not to be disseminated,

distributed or otherwise conveyed throughout your organization to employees

without a need for this information or to any third parties without the express

written permission of Verizon.

© 2017 Verizon. All rights reserved. The Verizon name and logo and all other

names, logos and slogans identifying Verizon's products and services are

trademarks and service marks or registered trademarks and service marks of

Verizon Trademark Services LLC or its affiliates in the United States and/or other

countries.

All other trademarks and service marks are the property of their respective

owners.

Confidential and proprietary materials for authorized Verizon personnel and outside agencies only.

Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by writ ten agreement. 2

NOTE: These gray boxes are 12 grids guide

• Use these boxes as a guideline to place your content

• They won’t show on the slide show mode

3

2017 Data Breach Investigations Report (DBIR)

Confidential and proprietary materials for authorized Verizon personnel and outside agencies only.

Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by writ ten agreement.

Lift the lid on cybercrime.

1,935 breaches

42,068 incidents

65 contributors

10th edition

NOTE: These gray boxes are 12 grids guide

• Use these boxes as a guideline to place your content

• They won’t show on the slide show mode

4

65 Contributors

Confidential and proprietary materials for authorized Verizon personnel and outside agencies only.

Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by writ ten agreement.

NOTE: These gray boxes are 12 grids guide

• Use these boxes as a guideline to place your content

• They won’t show on the slide show mode

5

Geographical coverage

Confidential and proprietary materials for authorized Verizon personnel and outside agencies only.

Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by writ ten agreement.

NOTE: These gray boxes are 12 grids guide

• Use these boxes as a guideline to place your content

• They won’t show on the slide show mode

6

Data-driven decision making

Confidential and proprietary materials for authorized Verizon personnel and outside agencies only.

Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by writ ten agreement.

NOTE: These gray boxes are 12 grids guide

• Use these boxes as a guideline to place your content

• They won’t show on the slide show mode

7

The VERIS framework

Confidential and proprietary materials for authorized Verizon personnel and outside agencies only.

Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by writ ten agreement.

Actor – Who did it?

Action – How’d they do it?

Asset – What was affected?

Attribute – How was it affected?

Documentation, classification examples, enumerations: http://veriscommunity.net/

NOTE: These gray boxes are 12 grids guide

• Use these boxes as a guideline to place your content

• They won’t show on the slide show mode

8

A chain of events

Confidential and proprietary materials for authorized Verizon personnel and outside agencies only.

Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by writ ten agreement.

NOTE: These gray boxes are 12 grids guide

• Use these boxes as a guideline to place your content

• They won’t show on the slide show mode

9

Attack patterns.

Confidential and proprietary materials for authorized Verizon personnel and outside agencies only.

Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by writ ten agreement.

88% of breaches fall into the

nine attack patterns we first

identified in 2014.

Understanding these helps

you predict what the bad

guys will do next.

NOTE: These gray boxes are 12 grids guide

• Use these boxes as a guideline to place your content

• They won’t show on the slide show mode

10 Confidential and proprietary materials for authorized Verizon personnel and outside agencies only.

Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by writ ten agreement.

NOTE: These gray boxes are 12 grids guide

• Use these boxes as a guideline to place your content

• They won’t show on the slide show mode

What’s the Biggest Threat you Face? Understanding the who, what, why and how helps you know

where to spend your budget.

11

NOTE: These gray boxes are 12 grids guide

• Use these boxes as a guideline to place your content

• They won’t show on the slide show mode

12

The crooks aren’t just after the big guys.

Confidential and proprietary materials for authorized Verizon personnel and outside agencies only.

Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by writ ten agreement.

Nearly two-thirds of the data

breach victims in this year’s

report are businesses with

under 1,000 employees. 61%

NOTE: These gray boxes are 12 grids guide

• Use these boxes as a guideline to place your content

• They won’t show on the slide show mode

13

Cybercrime is rarely precision targeting.

Confidential and proprietary materials for authorized Verizon personnel and outside agencies only.

Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by writ ten agreement.

Cybercriminals are mostly

opportunistic; trawling for weak

points to use as a foothold.

Don’t be fooled by the

Hollywood caricatures

of cybercriminals.

NOTE: These gray boxes are 12 grids guide

• Use these boxes as a guideline to place your content

• They won’t show on the slide show mode

14

The basics still aren’t covered.

Confidential and proprietary materials for authorized Verizon personnel and outside agencies only.

Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by writ ten agreement.

1 in 14 users fell for

phishing. A quarter of those

were duped more

than once.

NOTE: These gray boxes are 12 grids guide

• Use these boxes as a guideline to place your content

• They won’t show on the slide show mode

15

Key findings (1/2)

Confidential and proprietary materials for authorized Verizon personnel and outside agencies only.

Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by writ ten agreement.

NOTE: These gray boxes are 12 grids guide

• Use these boxes as a guideline to place your content

• They won’t show on the slide show mode

16

Key findings (2/2)

Confidential and proprietary materials for authorized Verizon personnel and outside agencies only.

Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by writ ten agreement.

NOTE: These gray boxes are 12 grids guide

• Use these boxes as a guideline to place your content

• They won’t show on the slide show mode

17

Threat actors motivation

Confidential and proprietary materials for authorized Verizon personnel and outside agencies only.

Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by writ ten agreement.

6

NOTE: These gray boxes are 12 grids guide

• Use these boxes as a guideline to place your content

• They won’t show on the slide show mode

18

Technology gap

Confidential and proprietary materials for authorized Verizon personnel and outside agencies only.

Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by writ ten agreement.

NOTE: These gray boxes are 12 grids guide

• Use these boxes as a guideline to place your content

• They won’t show on the slide show mode

19

Breach discovery method over time

Confidential and proprietary materials for authorized Verizon personnel and outside agencies only.

Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by writ ten agreement.

6

NOTE: These gray boxes are 12 grids guide

• Use these boxes as a guideline to place your content

• They won’t show on the slide show mode

20 Confidential and proprietary materials for authorized Verizon personnel and outside agencies only.

Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by writ ten agreement.

NOTE: These gray boxes are 12 grids guide

• Use these boxes as a guideline to place your content

• They won’t show on the slide show mode

21

Financial Services

Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this

material is not permitted to any unauthorized persons or third parties except by written agreement.

Denial of

Service

Web

Application

Attacks

Payment Card

Skimming

94% External 71% Credentials 96% Financial 88% of incidents

NOTE: These gray boxes are 12 grids guide

• Use these boxes as a guideline to place your content

• They won’t show on the slide show mode

22

Retail

Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this

material is not permitted to any unauthorized persons or third parties except by written agreement.

Denial of

Service

Payment Card

Skimmers

Web

Application

Attacks

92% External 57% Payment 96% Financial 81% of incidents

NOTE: These gray boxes are 12 grids guide

• Use these boxes as a guideline to place your content

• They won’t show on the slide show mode

23

Manufacturing

Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this

material is not permitted to any unauthorized persons or third parties except by written agreement.

Cyber-

Espionage

Privilege

Misuse

Everything

Else

93% External 91% Secrets 94% Espionage 96% of breaches

NOTE: These gray boxes are 12 grids guide

• Use these boxes as a guideline to place your content

• They won’t show on the slide show mode

Build your Defenses Wisely. While attackers are using new tactics and tricks, their overall

strategies remain relatively unchanged.

26

NOTE: These gray boxes are 12 grids guide

• Use these boxes as a guideline to place your content

• They won’t show on the slide show mode

27

Crimeware

Confidential and proprietary materials for authorized Verizon personnel and outside agencies only.

Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by writ ten agreement.

All instances involving

malware that did not fit

into a more specific

pattern.

Ransomware is big

business

• Now the most common form

of malware.

• Ransomware is fast, low risk

and easily monetizable for

the attacker.

• Bitcoin makes collecting

anonymous payments easy.

What you can do

• Watch out for macro-enabled

MS Office documents

• Stress the importance of

software updates.

NOTE: These gray boxes are 12 grids guide

• Use these boxes as a guideline to place your content

• They won’t show on the slide show mode

28

Cyber-Espionage

Confidential and proprietary materials for authorized Verizon personnel and outside agencies only.

Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by writ ten agreement.

What you can do

• Throw your weight behind

security awareness training.

• Encourage your teams to

report phishy emails.

Welcome to the long game

• A malicious email is the

favored way in.

• Typically followed by tactics

aimed at blending in.

• Attackers need time to gather

the data they’re interested in.

Attacks linked to state-

affiliated actors, and/or

with the motive of

espionage.

NOTE: These gray boxes are 12 grids guide

• Use these boxes as a guideline to place your content

• They won’t show on the slide show mode

29

Web Application Attacks

Confidential and proprietary materials for authorized Verizon personnel and outside agencies only.

Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by writ ten agreement.

Any incident in which a

web application was used

as the means of attack.

Don’t become a stepping

stone

• Non-e-commerce websites

are a growing target.

• Names, addresses and more

are stored, but usually with

weaker protection.

• Personal data and

credentials are stolen and

used elsewhere.

What you can do

• Encourage customers to vary

their passwords and use two-

factor authentication.

• Limit the amount of sensitive

information stored in web-

facing applications.

NOTE: These gray boxes are 12 grids guide

• Use these boxes as a guideline to place your content

• They won’t show on the slide show mode

Quick takeaways

Confidential and proprietary materials for authorized Verizon personnel and outside agencies only.

Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by writ ten agreement. 30

Be vigilant

Make people your first line

of defense.

Only keep data on a

“need to know” basis.

Patch promptly.

Encrypt sensitive data.

Use two-factor authentication.

Don’t forget physical security.

NOTE: These gray boxes are 12 grids guide

• Use these boxes as a guideline to place your content

• They won’t show on the slide show mode

31

Find out more…

Confidential and proprietary materials for authorized Verizon personnel and outside agencies only.

Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by writ ten agreement.

2017 DBIR

An in-depth analysis of

cybersecurity.

DBIR executive summary

All the key findings from the

2017 DBIR, with insight and

guidance tailored to

executives.

Data Breach Digest

Real cases from the frontline

of cybersecurity that reveal

what really happens when an

organization is breached.

NOTE: These gray boxes are 12 grids guide

• Use these boxes as a guideline to place your content

• They won’t show on the slide show mode

Thank you.

Confidential and proprietary materials for authorized Verizon personnel and outside agencies only.

Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by writ ten agreement. 32

DBIR@verizon.com

http://www.verizonenterprise.com/DBIR2017