
Highlights of Verizon 2018 Data Breach Investigations Report - matteska
https://www.templarbit.com/blog/2018/04/11/highlights-of-the-verizon-2018-data-breach-investigations-report
======
zinssmeister
Verizon released the 11th edition of their report yesterday and I took a quick
look at it this morning and started compiling interesting highlights into this
post.

Hope this will be of value to some of you. Particularly to people that don't
want to spend time reading the entire PDF report.

------
simoes
There is also this companion site: [http://www.verizonenterprise.com/verizon-
insights-lab/dbir/t...](http://www.verizonenterprise.com/verizon-insights-
lab/dbir/tool/)

~~~
zinssmeister
Thank you for sharing this, haven't seen this before. Pretty interesting.

------
forapurpose
The report looks very interesting, but for percentages to be meaningful we
need to know that the data is a representative sample of actual breaches. Is
it?

~~~
zinssmeister
The percentages in this report are in relationship with the data points of
53,000 incidents and 2,216 confirmed data breaches that the team analyzed.

~~~
forapurpose
Yes, I saw and I should have included that in my comment. But I have no idea
how many incidents and data breaches exist in reality. Is that a random
selection? All incidents/breaches reported someplace? Are they all Fortune 500
company breaches?

What does this sample represent?

~~~
zinssmeister
Ah, yes I see what you mean. You got an excellent point here. It's not just
fortune 500 companies, because one of the data points highlights that among
the victims the SMB sector has the highest allocation. My guess is that the
analysts try to get data from as many breaches as possible every year.
Probably partnering with incident response firms like Mandiant. It's not a
sample set and at the same time it is because a lot of breaches go undetected.

~~~
GabeTheEngineer
I'd recommend taking a look at the Appendix E: Methodology. It's a little long
at three pages, but hopefully answers your questions. If not, hit up the email
address or twitter account on page 47 and we'll answer them.

Gabe Co-Author

~~~
zinssmeister
Gabe, thanks for that. Just checked the Appendix E section you mentioned,
instantly a fan of what I saw there. Glad you have filters in place rather
than just taking any breach report into the data set.

