
I’m still digesting the Verizon 2014 Data Breach Investigations Report (DBIR), which was just released last night, but a couple of things have jumped out at me already after a quick read. First, looking at the graph below on the left, it seems that servers are more popular than ever as attack targets. This is interesting, particularly when compared to the decline in User Device breaches.

Are we getting better at securing BYOD, or have attackers just realized there is more of what they are after on a server? I would guess “density of lucrative assets per device” factors into this trend. Regardless of the driver, I think this is a good reminder to focus on the assets that could most harm your business and make sure they are secure.

Know what you have, know how it’s vulnerable, configure it securely, and continuously monitor it to ensure it isn’t compromised and remains secure.


On the right, we see the trends in the methods through which breaches are discovered. A few things stand out on this data set:

  • Law Enforcement continues to get better at discovering breaches – that is good to see. I still think law enforcement has a PR problem, though – I was talking with a news reporter last week who was asking me why law enforcement isn’t doing anything about catching the criminals. I wish I’d had this graph with me then, so I could show him that law enforcement is actually leading the charge in detecting these breaches, at least as far as the ones that are included in the DBIR. [Note: Yes, I realize, there could be some bias in the sample, as many of these incidents came from law enforcement agencies… but this data is from cases worked by those agencies, regardless of how the initial discovery occurred.]
  • Third-party discovery (with or without Law Enforcement) continues to rise. That means most organizations find out they’ve been breached after being notified by someone outside their organization. Part of this may be a side effect of all of the free credit monitoring accounts people have been given as a result of past breaches. What do you think?
  • Internal discovery of breaches is flat-lining, which tells me that the traditional efforts at catching our own breaches are still not working. That is a complex problem, but one we need to figure out how to solve on a broad scale. The bad guys will continue to win if we can’t improve the state of the art in incident detection within the enterprise, and a silver-bullet appliance is not enough – this is about composite capabilities comprised of technology, human skills, process, and different thought models than we’ve been using.

Stay tuned for more observations as I am able to digest more of this report. Would love to hear your thoughts, as well…


  • Actually, I see the internal trend in a positive light (glass half-full…). Basically what it says to me is we've stopped the bleeding and now we're starting to get our act together on internal detection. Maybe it's an optical illusion but it looks to me like internal detection is even on the upswing.

    Maybe it's because the sophisticated tools necessary these days are becoming more affordable. Maybe it's that companies are doing more than just buying shiny toys. Whatever the reasons, I think there is something positive to be viewed there.

    Haven't seen the report yet, I'll have to grab it.

    • Linked to PDF report in first line of article Kenton… Thanks!

    • I like optimism – thanks for the comment. I would like to see the pendulum swing the other way, so I hope you're right about the trend for internal detection. I'm thinking we'll probably continue to see strength in the Law Enforcement line, because they have greater perspective across multiple organizations. However, I'm hoping to see the Third-party line decline and the Internal line go up. Let's hope that's how next year's report trends!