The Verizon 2015 Data Breach Investigations Report (DBIR) was publicly released today. This report is prepared annually by the Verizon Enterprise Services team to provide an analysis of information security incidents and data breaches. It was first published in 2008 and quickly became standard reference material for the information security community.
The report’s data set combines data from public and private organizations around the world, including law enforcement agencies, national incident-reporting entities, research institutions, private security firms, and of course Verizon itself. Before being analyzed, the case studies, reports, and interviews are standardized using the Vocabulary for Event Recording and Incident Sharing (VERIS) Framework .
Information in the report is used to identify common attack patterns, including point-of-sale intrusions, Web application attacks, insider threats, physical theft, crimeware, payment card skimmers, denial of service, cyber-espionage, and miscellaneous errors. The report also explains how often each of the attack vectors results in a data breach. For each type of attack, the DBIR maps out the threat actors, types of organizations targeted, and the security controls that can best enable enterprises to prevent attacks that result in data breaches.
This years report provides a number of important findings and new data analysis especially around the cost of data breaches. The report contains analysis of 2,122 confirmed data breaches and 79,790 security incidents. It is available for download from www.verizonenterprise.com/DBIR/