The 2015 DBIR: Before and Beyond the Breach: WebTracks Recap
We are so grateful to have had Chris Novak, RISK team director at Verizon, host the UMSA WebTracks webinar this month. While Novak shared some of the mind-blowing statistics from the 2015 Verizon Data Breach Investigation Report (DBIR), the most valuable part of the webinar was his expert analysis of those statistics.
Key takeaways from the 2015 DBIR
Novak, who has been at Verizon for 8 years, currently heads up the RISK team, which analyzes complex systems around the world to identify evidence of at-risk data, compromises and security breaches. After gathering data from security incidents, they turn it into actionable intelligence to help their customers employ strong security practices that reduce exposure.
With experience like that, our WebTracks attendees were thrilled when he started analyzing the report and sharing his opinion on what we need to learn from the 2015 DBIR:
Mobile and IoT
For the past few months, it seems like our industry has been talking nonstop about the risks of mobile and IoT. Anyone who has been paying attention to those articles will be shocked when they read the 2015 DBIR and see how overstated the security risks of mobile and IoT have been. For example: less than .03% of mobile devices are affected by high-impact malware each year.
Novak’s advice: Just because IoT and mobile may not be a huge security problem YET, they will be; we need to be working NOW to prevent them from becoming an issue in the future.
Security Community
The hacker community is far more organized than it gets credit for. They work together to create malware, share information about the most recent vulnerabilities and even have businesses where they sell malware or customize it for the buyer. Why doesn’t the security community work like this? We tend to only discuss security after a breach.
Novak’s advice: We need to start communicating and working together.Security professionals can’t stay ahead of the hackers if we are unwilling to communicate and work together as well as hackers do.
It’s not about who you are
Hackers don’t necessarily select a specific company and start hacking. Often, hackers are trolling the Internet and exploiting a vulnerability that your company just happens to have.
Novak’s advice: Ditch the “it won’t happen to me advice.” We are living in a time where it doesn’t matter who you are or how big your company is – you can still get hacked. Companies need to do everything they can to protect themselves, their employees and their customers.
Interested in learning more? Novak’s webinar is now available for you to watch. We did have some technical difficulties with the recording and as such, the last half was recorded. Our apologies!
Be sure to keep your eyes open for information about our upcoming October WebTracks webinar. Free to attend and free to tweet: #WebTracks
