Top Attack Vectors of 2009

Verizon report highlights attack trends

In a supplemental report to its 2009 Data Breach Investigations Report, Verizon Business has highlighted fifteen of the common attacks it has seen aimed at its clients. In the full Data Breach Report released earlier this year, the Verizon Business RISK team looked at more than 90 incidents, which resulted in 285 million compromised records.

“This supplemental report seeks to address the thousands of inquiries we’ve received from companies around the world wanting a more detailed explanation of attacks, as well as requests for additional recommendations for deterring, preventing and detecting breaches,” said Dr. Peter Tippett, vice president of technology and innovation, Verizon Business.

The report contains a good deal of information, but the most interesting parts are the Impact, Frequency, Industry, Threat Sources, and Case Example sections. Anyone who wants to learn more about the attack vectors the RISK team sees on a regular basis will find this list a great starting point. The mitigation section rounds out the data collection nicely.

“Overall, this supplemental report is a break from the norm for the DBIR series. Rather than heavily centered around statistics, it is much more descriptive and narrative. This change in direction represents what we felt to be the most suitable form for the intended function. We hope the detour proves worth your time and that it leads to a better understanding of what possible problems your organization might face, and how to be better prepared to meet them,” the report says.

Looking at the opening stats, Keyloggers and Spyware, Backdoor or Command and Control, and SQL Injection were the top three attack vectors and were also responsible for the most records lost.

In the Case Example section, the very first story looks at a keylogger incident. It is a harsh reminder that even the IT department isn’t immune to malware troubles.

“A mid-size medical instrument manufacturer was alerted by law enforcement that systems belonging to them were communicating with IP addresses known to have a criminal connection. During the early stages of Verizon’s investigation, the suspicious activity was traced to a laptop belonging to a member of the company’s IT staff. After imaging the disk, investigators were able to verify that malware was present on the system,” the example explained.

“Keystroke log entries indicated that it had been continuously capturing data since being activated months prior. A review of contents in file revealed the user’s domain account credentials, home address, telephone number, and bank account information.”

The supplemental report is a great addition to the original data. For the record, the top five attacks are Keylogging and Spyware, Backdoor or Command and Control, SQL Injection, Abuse of system access or privileges, and Unauthorized access via default credentials.

The remaining ten can be located here directly with no registration.

Last Updated ( Tuesday, 19 January 2010 )
 