The reality of data breaches and other cyber threats continues to grow year after year, and the only way we know what’s happening and how to address it is through the dedicated work of teams who do in-depth annual analysis of real-world security incidents. The team at Verizon produces the annual Data Breach Investigations Report (DBIR), which has quickly become one of the most respected and helpful security reports published.
The report includes data from real incidents and real breaches, providing insight into what happened, how it happened, and who was responsible both externally and internally. It’s a powerful resource to help organizations of all sizes and in every industry understand their vulnerability to cyber threats. Listen to hear about the 2020 version of the report and discover how the information gleaned through this assessment can inform your security protocols and approaches.
You will want to hear this episode if you are interested in…
- The history and mechanics of the Data Breach Investigations Report [2:20]
- The big changes in this year’s report [5:11]
- A high-level look at security concerns for the healthcare industry [8:11]
- The vital importance of basic cyber hygiene [13:02]
- Takeaways for business leaders [17:10]
- Year over year analysis of the 2020 DBIR [20:11]
- The vital need for security in both small and large companies [26:15]
- Why personal data theft had one of the highest incidences in the report [31:22]
- The bad actors discovered in the report and how to protect your organization [34:01]
- Benefits for many industries and roles within organizations [43:48]
The Healthcare Industry Remains A Huge Cyber Target
As you can imagine, the healthcare industry is one of the most data-intensive and data-sensitive industries. It is an area that requires some of the highest security measures due to the volume of personally sensitive data that exists within the system. Healthcare organizations are responsible for a great deal when it comes to security.
The reason healthcare is always a big target for hackers and other bad actors is that the data healthcare providers manage is highly monetizable. The intense security required comes down to access control and identity and access management procedures, as well as continual monitoring to ensure internal personnel only access data repositories that are relevant to the work they are doing for the organization.
But there are also many external concerns. In the healthcare industry, there exists a complex partner ecosystem that works with shared data. Each partner organization must perform its due diligence when it comes to security so the entire network of partners can be secure. Listen to hear how the healthcare industry has made great strides and where it still needs improvement.
Are You Overlooking The Security Of Your Intellectual Property?
With such a necessary focus on Personal Identifying Information (PII) and Personal Health Information (PHI), it is understandable that in many scenarios the security of Intellectual Property (IP) falls to a lesser priority. But this year’s report makes it clear that Intellectual Property is a target of cybercrime. When the need to secure IP does finally come into focus, it’s usually too late and something has already been compromised or stolen. All industries need to recognize that their IP is just as important to protect as personal data.
Key DBIR Takeaways For Executives
One of the things I want to highlight from this conversation is that the data shows that security is an issue at most companies. That’s a reality the C-suite needs to understand because they are the ones who can move security initiatives forward aggressively and ensure that security is a consideration from the outset of every project.
This year’s DBIR will help the C-suite understand…
- The complexity of the security puzzle. Many variables need to be addressed and every industry and company within the industry has unique concerns.
- The specific issues their security teams are facing. The industry-specific aspects of the DBIR enable a targeted approach per industry and vertical rather than a broad one.
- More likely security risks vs. a broader “What could happen?” perspective. Knowing the data behind existing breaches and compromised security measures enables organizations to take a focused look at similar risks in their companies.
Listen to this episode to learn how foundational issues such as DDoS attacks, delivery errors, lack of adequate processes and procedures, lack of secure credentials, and weak enforcement of best practices lead to some of the most significant risks. Your security team will thank you for taking the findings of this report seriously.