Highlights of Verizon's 2014 Data Breach Investigations Report

April 2014

Verizon has published the new Annual Data Breach Investigations Report (DBIR) with significant structural changes this time. Former DBIRs focus on the elements of incidents separately; i.e., organising them around actors, actions, assets, timelines, etc. (see my previous review here for this structure). They provide extensive amount of information but were quite long and difficult to digest within a short period of time. In the new DBIR, incidents with similar elements are grouped within incident classification patterns and Verizon team managed to group 94% of the incidents within nine basic patterns. This approach brings many benefits such as easy correlation of these patterns to industries and recommendation of specific security controls for each incident pattern. The report is also easier to browse thru each incident pattern that might be of particular interest for an industry or speciality. I tried to highlight major findings of the report below. The complete report is also available here to download for further reading.