The annual Verizon DBIR (Data Breach Investigations Report) is a great tool full of actionable information. However, at over 100 pages of detailed information, it can seem a bit like walking into a modern hardware store and wondering where to look to find what you would need to keep a squirrel out of your yard. There are plenty of options for virtually every situation, but what about your situation? Here are a few tips to help you keep up with the latest security information from the DBIR.
What is the risk posture of your organization? What is at risk in your organization? The first tip is just to know what you care about within your organization. If you don’t know what is at risk, then you don’t know what to protect. Risk can be evaluated in many different ways, but one of the obvious things at risk is your sensitive data. If you don’t know what data you have, how it is stored, or where it goes, then you can’t take action to protect it.
Do you know all the details about your environment, down to the color of sensitive or weak areas within your infrastructure or security posture? What do you know that the outside does not know and should not know? Reviewing the past failures within your environment and knowing what is still in the process of being secured is a great place to start. If you have had a data breach before or are concerned you are a target for specific types of data that hackers are after, identifying these colors helps you know where to focus your security efforts.
Perhaps you'd like to read all 100+ pages about security concerns or perhaps you'd like to look for just the most interesting new angle on security. Either way, it’s easy to spend time looking into areas that may not have immediate value or even actionable value. Before spending too much time in the report, have a goal in mind that you can focus on based on your risk and your environment.
There are many ways to benefit from the DBIR beyond these simple tips. If you are unsure where to start, comforte can help you understand your data risks and find the best approach to make sure you only read the DBIR each year with an outside interest and don’t become one of the statistics you seek to avoid.