Verizon’s Digest: Real-world data breach scenarios unearthed

From the Rotten Apple to the Alley Cat, and from the Snake Bite to the Poached Egg, Verizon has compiled a list of 18 scenarios in its Data Breach Digest that paint a picture of how real-world breaches work.

This digest collects scenarios founded on commonality and lethality, and is based on 1,175 forensic investigations that Verizon has conducted over the past three years.

“One of the key take-aways that we’re hoping folks will realise here is that there’s such commonality between the cases,” said Chris Novak, director of investigative response at Verizon. “There’s a perception that everyone is in this alone. By putting these stories out there, it shows the industry that they are not alone.”

“Everyone is told by their company, ‘Do this, don’t do that’ and they may not understand why,” said Novak. “This digest explains the why.”

A less data-heavy digest organised by case studies

Unlike its usual Data Breach Investigations Report, Verizon has produced a less data-heavy digest organised by case studies.

The individual case studies go through the methods that investigators used to figure out what happened, as well as the steps taken afterwards to address the problem. There are some lighter moments in this report, as well, including when a hacker was asked to attend a mock job interview to demonstrate his abilities and explain how he had managed to infiltrate the company’s systems. But instead of getting a job offer, he was thanked for his confession and arrested.

The main point to take away from this publication is that we’re all in this together and we can help build and strengthen our corporate security by learning from others and moving forward.

Companies need to have an effective ISMS

Nearly all of the 18 scenarios listed in this digest highlight that companies need to have an effective information security management system (ISMS) in place to protect their staff, processes, technology and assets.

Having an ISMS that is aligned to the international cyber security standard, ISO 27001, will help you manage and control the risks associated with data breaches and help you build strong defences to combat all of the scenarios highlighted.

Take a free trial of our ISO 27001 ISMS Documentation Toolkit. The toolkit contains pre-written and customisable templates that will help accelerate your ISO 27001 project as well as providing clear direction on how to build a robust ISMS.
