Connect with us

Hi, what are you looking for?


Incident Response

Verizon Adds More Partners to Data Breach Report

The soon-to-be released data breach report from Verizon will provide a more extensive picture of cyber-crime worldwide than previous reports, its principal author said in a press briefing at the RSA Conference Tuesday evening.

The soon-to-be released data breach report from Verizon will provide a more extensive picture of cyber-crime worldwide than previous reports, its principal author said in a press briefing at the RSA Conference Tuesday evening.

The Verizon 2013 Data Breach Investigations Report has data breach-related data from more partners than in previous years, Wade Baker, managing principal of the Verizon RISK team and principal author of the DBIR, said at the briefing. Verizon also expanded the types of security events analyzed for the report, expected to be released sometime this spring.

Baker did not indicate when the report will be officially released, but said researchers were still hard at work studying the data.

The report contains data from 18 different organizations, compared to last year’s five, Baker said. Verizon uses the information gathered by its own Verizon Research Investigations Solutions Knowledge (RISK) team for the report. Companies who suffer a breach call Verizon RISK for incident response and mitigation. The US Secret Service, Australian Federal Police, Dutch High Tech Crime Unit, and Irish Reporting and Information Security Service (IRISS-CERT) also contributed data to the report last year, as well as this year.

“The additional contributing security organizations will enable us to paint an even clearer picture of the threat landscape facing businesses today,” Baker said.

In addition to data from Verizon RISK, the report included data from CERT Coordination Center at Carnegie Mellon University, Consortium for Cybersecurity Action, Danish Ministry of Defence’s Center for Cybersecurity, Danish National Police’s National IT Investigation Section, Deloitte, Electricity Sector Information Sharing and Analysis Sector (ES-ISAC), European Cyber Crime Center (EC3), G-C Partners, Spain’s Guardia Civil, Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), Malaysia Computer Emergency Response Team (MyCERT)’s CyberSecurity Malaysia, National Cybersecurity and Integration Center (NCCIC), ThreatSim, and the US Computer Emergency Readiness Team (US-CERT) for the first time this year.

The partners cover a broad spectrum of sources, from law enforcement, to ISAC/CERT-type organizations, to private sector firms, Baker said at the briefing. This level of variety means researchers are able to gain visibility in areas they did not have a lot to say about in the past, such as industrial control systems, Baker said.

Advertisement. Scroll to continue reading.

This year’s report will include security events such as distributed denial of service attacks, network intrusion, insider misuse, and attacks against the energy and critical infrastructure sectors, Verizon said. Verizon now has a dedicated ICS team, but partnering with ICS organizations has expanded the amount of data available for the report, Baker said.

Verizon RISK has been analyzing data since 2004 and published six reports to date. Over the past nine years, the team has analyzed 2,500 data breach disclosures and 1.2 billion compromised records, according to Verizon.

All DBIR contributors use the Verizon VERIS framework to input breach-related data so that researchers could objectively classify and analyze the security incidents. The framework uses a common language and structured process to make the analysis possible.

“The common language is critical, as there is currently no universal language that describes security incidents or an industry standard for the development of risk metrics,” Baker said.

Information sharing is a challenge, Baker said, noting that if it was easy, “it wouldn’t be as talked about.” In a panel discussion at the press event, Brian Honan, CEO of IRISS-CERT, said information sharing wouldn’t be possible if breached organizations didn’t trust CERT-level organizations to safeguard the details of the incident.

Dawn Cappelli, director of the software engineering Institute’s Insider Threat Center at the CERT Coordination Center noted that confidentiality was even more critical when asking organizations to talk about insider attacks. These incidents are not perpetuated by someone halfway around the world, but someone who the company trusted, Cappelli said. It is “very personal,” and the level of detail provided about how the breach was performed would not be possible if there was no expectation of confidentiality and trust, she said.

“Today’s cyber-landscape remains a tough one to navigate, and unfortunately, we believe it will continue to remain challenging in 2013,” Baker said.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Application Security

GitHub this week announced the revocation of three certificates used for the GitHub Desktop and Atom applications.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Incident Response

Microsoft has rolled out a preview version of Security Copilot, a ChatGPT-powered tool to help organizations automate cybersecurity tasks.

Incident Response

Meta has developed a ten-phase cyber kill chain model that it believes will be more inclusive and more effective than the existing range of...

Artificial Intelligence

Two new surveys stress the need for automation and AI – but one survey raises the additional specter of the growing use of bring...

Application Security

Password management firm LastPass says the hackers behind an August data breach stole a massive stash of customer data, including password vault data that...