Posts tagged Verizon DBIR

4 min Verizon DBIR

The Verizon Data Breach Report - 9 Key Takeaways

Last week I hosted a webinar [https://information.rapid7.com/9-takeaways-to-verizon-dbir.html?CS=blog] with Nicholas J. Percoco [http://en.wikipedia.org/wiki/Nicholas_J._Percoco], VP of Strategic Services at Rapid7, where we discussed the latest Verizon DBIR [http://www.verizonenterprise.com/DBIR/2014/?gclid=CjgKEAjwkpacBRCNlprWw-u-nBwSJACwHiw-X46Zj-f8csREBvHnZe5veidKY2VulnOYLHPbJwa7f_D_BwE]. This year's report, as always, is recommended reading for any security professional as it's probably t

2 min Authentication

Top 3 Takeaways from "9 Top Takeaways from the Verizon Data Breach Investigations Report"

Hi, I'm Kelly Garofalo – you may know me as the voice of the moderator in most of our security webcasts. (You know, the one that tells you about how you can snag CPE credits for joining us and sends you a nice follow-up so that you can access more wonderful webcasts and content.) I'm excited to bring you the top takeaways from our recent webcast, “9 Top Takeaways from the Verizon Data Breach Investigations Report [http://information.rapid7.com/9-takeaways-to-verizon-dbir.html?CS=blog]” (Essentia

3 min Antivirus

Is AV dead? Why Symantec's executive is only half right about the state of anti-virus software

This week, a Symantec executive proclaimed that anti-virus is dead [http://www.slate.com/blogs/future_tense/2014/05/06/symantec_s_vp_for_information_security_brian_dye_says_that_antivirus_is.html]. Given the company's position in the AV market, it may be the most discussed comment coming from Symantec for some time; though in and of itself, I'm not sure the statement would elicit much of an argument from most security professionals. Oh, except for the other AV vendors of course. For our own p

2 min Reports

Cyber security around the world - 8/5/14 - UK Information Security Breaches Survey

With so much happening in cyber security around the world lately, we're highlighting some of the interesting stories each week from across Europe, Middle East, Africa and Asia Pacific. This week we're in the United Kingdom where the 2014 Information Security Breaches Survey was launched at InfoSecurity Europe… United Kingdom The UK government has published the Information Security Breaches Survey [https://www.gov.uk/government/publications/information-security-breaches-survey-2014] every ye

2 min Verizon DBIR

Finding Weak Remote Access Passwords on POS Devices

One of my key take-aways in the Verizon Data Breach Incident Report was that credentials are a major attack vector in 2013. Especially within the POS Intrusions, brute forcing and use of stolen creds was a major problem. These techniques were primarily leveraged against two targets: Shared passwords on 3rd-party provided POS systems were the biggest problem, followed directly by weak passwords on remote access solutions that enable the help desk to quickly provide help to employees working on

2 min Verizon DBIR

Perspectives on the 2014 Verizon DBIR

Verizon's 2014 Data Breach Investigations Report (DBIR) is here [http://www.verizonenterprise.com/DBIR/2014/reports/rp_Verizon-DBIR-2014_en_xg.pdf]. I love it because each year the DBIR not only provides good insight into what's taking place before our eyes but it also reaffirms my philosophy about information security that most security risks originate from a relatively small number of vulnerabilities. I call these the silly and mostly senseless low-hanging fruit [http://securityonwheels.blogspo

2 min Phishing

Stolen passwords - the no. 1 attack vector

The latest Verizon DBIR 2014 report [http://www.verizonenterprise.com/DBIR/2014/] published last week is clearly showing that the use of stolen credentials became the most common attack vector in 2013. In our upcoming webcast [http://information.rapid7.com/catch-me-if-you-can-webcast-registration.html], Matt Hathaway [https://community.rapid7.com/people/mhathawa] and I will discuss how user-based attacks are becoming the no. 1 "threat action" (in Verizon's words) and how organizations can detect

2 min Metasploit

Federal Friday - 4.25.14 - A Whole Lot of Oops

Happy Friday, Federal friends! I hope all of you enjoyed some nice family time over the respective holidays last week. After a successful Marathon Monday here in Boston we're blessed with chirping birds and blooming flowers (finally)! As you all probably know by now, Verizon released their latest DBIR [http://www.verizonenterprise.com/DBIR/2014/reports/rp_dbir-2014-executive-summary_en_xg.pdf] report earlier this week. While this report covered a wide range of topics in regards to breaches, I

4 min Verizon DBIR

Breaches Of Unusual Size

The Verizon Data Breach Investigation Report always arrives with a whoosh as one of the most interesting – and entertaining – pieces of research to test my memory of quotes from Star Wars and The Princess Bride (I particularly enjoyed the subtle reference to Iocane Powder). In all seriousness, this year's DBIR reinforces some key trends and areas of focus. First off, the bad news: Attackers get in fast, steal data very quickly, and can hang out and stay a while. Close to 100% of attacks show t

2 min Verizon DBIR

Nightmare on Pwn Street

We've gone a little Halloween-crazy this year over here at Rapid7 Towers. Check out this week's Whiteboard Wednesday video [http://www.rapid7.com/resources/videos/horror-sequels-dont-be-a-victim.jsp] to hear how organizations are like the protagonists of horror movies, making decisions that may ultimately make them vulnerable to attack. In addition, while we were carving our pumpkins and sewing our costumes, we got to thinking about one of the most horrifying realities in information security: ma