From pirates on the high seas hacking into shipping companies to infected employee devices leading to financial and brand loss, Verizon's Data Breach Digest, which was released on March 3, is a collection of behind-the-scenes stories from the world of data breach investigations.
Compiled by the same folks who bring us the Data Breach Investigations Report each year, the DBD is a more whimsical look from the investigator's point of view into various breaches and common scenarios from across the globe (see: Verizon Breach Report: What it Means).
"There is a big commonality in the way organizations are being attacked," says Ashish Thapar, a managing principal at Verizon Enterprise Solutions. "The selected scenarios are classified into four groups viz the human element, breaches through device tampering, misconfiguration and malicious software. The idea is for organizations to take these stories back and assess if any of the 18 scenarios may be applicable to their environment."
While the DBIR and other reports furnish statistics and analysis of trends and patterns, the DBD is a closer look at the contextual application of these trends in real-world cases, Thapar explains. Each scenario comes with a detailed analysis of how the attack occurred, level of sophistication, threat actors involved, tactics and techniques used and recommended countermeasures.
Thapar expects this will make Verizon's data breach research more accessible to CXOs, practitioners and the general public. Citing an example of the kind of innovation that investigators uncovered during the course of their assessments, Thapar recounts the case of pirates hacking into the content management system of a shipping company to pinpoint high-value targets for their attacks.
In this exclusive interview (see link below image), Thapar outlines the DBD and some of its key findings, along with recommendations for how practitioners can apply this information to their business context. Thapar expands upon:
- The Data Breach Digest's focus areas;
- Key differences and relevance of the research therein;
- Some real-world examples of breach incidents featured.
Thapar is the managing principal, risk services - APAC, at Verizon Enterprise Solutions. His domain experience spans designing, implementing and managing information security management systems for multiple organizations. Thapar has written several white papers and articles on information security topics. He also has been a featured speaker at several industry events addressing IT and information security.