Decoding the Verizon DBIR Report: An Insider's Look Beyond the Headlines

Decoding the Verizon DBIR Report: An Insider's Look Beyond the Headlines
To truly understand cybersecurity trends, we must look beyond the headlines and ask more of the data. What you learn might surprise you.

For the past 13 years, Verizon's "Data Breach Investigations Report" (DBIR) has been the industry's definitive resource for documenting and benchmarking the global state of cybersecurity. As always, the Verizon DBIR team does an admirable job of sifting through an impressively large data set to tease out the underlying trends that are driving the market.


But as Miles Davis, the legendary jazz trumpeter, once famously said, "It's not the notes you play, it's the notes you don't play." In other words, it's the silence between the notes that enables the listener to interpret and appreciate the music's deeper meaning and context. When reading a broad industry survey such as the DBIR, it is likewise instructive to look beyond the bolded headlines and ask further questions of the data to best understand the meaning behind these trends.


Here's what I mean.


Headline #1: The Global Malware Threat Is Evaporating According to DBIR: The Verizon DBIR team documents a precipitous decline of malware-related threats, from 50% in 2016 to just 6%, stating that "we think that other attack types such as hacking and social breaches benefit from the theft of credentials, which makes it no longer necessary to add malware in order to maintain persistence. So while we definitely cannot assert that malware has gone the way of the eight-track tape, it is a tool that sits idle in the attacker's toolbox in simpler attack scenarios."


Beyond the headline: Of course, it's heartening to read that malware threats are waning, and I agree with the interpretation that the broad availability of user ..

Support the originator by clicking the read the rest link below.