Quickly, here’s what stood out to me after a breeze through this year’s DBIR:
- 621. That’s the number of confirmed breaches out of more than 47,000 security incidents. 621:47,000.
- The United States comes in third for origin of external attacks.
- Someone needs to make a slope graph out of Figure 15 (@hrbrmstr?).
- And, Figure 32.
- Credential management continues to suffer – badly.
- The top VERIS Threat Actions may be effectively mitigated by the Top 20 Critical Security Controls.
Read more for the controls that are most effective for mitigating the top Threat Actions.
Top VERIS Threat Actions followed by mitigating controls (listed below):
- Tampering – 4
- Spyware – 5
- Backdoor – 9
- Export data – 9
- Use of stolen credentials – 4
- Capture stored data – 8
- Phishing – 8
- Command and Control – 9
- Downloader – 6
- Brute Force – 10
Controls 2-5 provide the broadest coverage from tampering through brute force (links to my other posts on each control); managing your inventory and configurations is important to mitigating these threat actions.
- Control 1: Inventory of Authorized and Unauthorized Devices
- Control 2: Inventory of Authorized and Unauthorized Software
- Control 3: Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
- Control 4: Continuous Vulnerability Assessment and Remediation
- Control 5: Malware Defenses
- Control 8: Data Recovery Capability
- Control 10: Secure Configurations for Network Devices (not yet drafted)
- Control 12: Controlled Use of Administrative Privileges (not yet drafted)
- Control 13: Boundary Defense (not yet drafted)