Skip to content ↓ | Skip to navigation ↓

Quickly, here’s what stood out to me after a breeze through this year’s DBIR:

  • 621.  That’s the number of confirmed breaches out of more than 47,000 security incidents.  621:47,000.
  • The United States comes in third for origin of external attacks.
  • Someone needs to make a slope graph out of Figure 15 (@hrbrmstr?).
  • And, Figure 32.
  • Credential management continues to suffer – badly.
  • The top VERIS Threat Actions may be effectively mitigated by the Top 20 Critical Security Controls

Read more for the controls that are most effective for mitigating the top Threat Actions.

Top VERIS Threat Actions followed by mitigating controls (listed below):

  • Tampering – 4
  • Spyware – 5
  • Backdoor – 9
  • Export data – 9
  • Use of stolen credentials – 4
  • Capture stored data – 8
  • Phishing – 8
  • Command and Control – 9
  • Downloader – 6
  • Brute Force – 10

Controls 2-5 provide the broadest coverage from tampering through brute force (links to my other posts on each control) – managing your inventory and configurations are important to mitigating against these threat actions.