Highlights of Verizon's 2012 Data Breach Investigations Report

May 2012

Verizon published the fifth annual Data Breach Investigations Report in March 2012. The report analyzes forensic evidence from 2011 to determine how sensitive data was stolen from organizations, who stole it, why they did it and what might be done to prevent it. I made a short summary of the 76-page report to help impatient readers decide whether it is relevant to them and possibly helpful in planning any type of control for data protection. The full report is available for download at http://www.verizonenterprise.com/Products/security/dbir/

The report focuses on data breaches consolidated from hundreds of incidents in diverse geographies, with various contributors including the United States Secret Service (USSS), the Dutch National High Tech Crime Unit (NHTCU), the Australian Federal Police (AFP), the Irish Reporting & Information Security Service (IRISS), and the Police Central eCrimes Unit (PCeU) of the London Metropolitan Police. Data collection and analysis were done using a set of metrics defined in the Verizon Enterprise Risk and Incident Sharing (VERIS) framework. This methodology is open and free for public use. Its threat model views a security incident as a series of events that adversely affect the information assets of an organization. The Four A’s (AGENT, ACTION, ASSET, ATTRIBUTE) are the elements of an event, and together they describe threat and incident scenarios.

It is also worth noting that the event data for large organizations is grouped, analyzed and reported separately to reveal the patterns that are more specific to those organizations.

Following the Four A structure (Agent, Action, Asset, Attribute), the characteristics of the incidents covered in the report can be summarized as follows: