Some Quick Takeaways from the 2017 Verizon DBIR



For those who lack the time to read the entire report, here are some of the key findings along with .



Attackers


75% of breaches done by outsiders.
25% involved internal actors.
18% state actors.
51% involved organized crime actors.


I see 25% involving internal actors as quite high, but that depends on the definition of “involved”.



Targets


24% of breaches affected financial organizations
15% of breaches affected healthcare
Public sector was third at 12%
Retail and hospitality combined for another 15% of breaches.


Tactics


62% of breaches used “hacking”
51% of breaches used malware
81% leveraged stolen/weak passwords
43% were social engineering based


What does “hacking” mean? And how much hacking did or did not involve malware?



Other findings


66% of malware got in via email
73% of breaches were financially motivated
21% of breaches were espionage related
27% were discovered by third parties


Analysis

I find the 1/4 insider involvement to be high. Not saying it’s wrong. Just saying it seems high.



I think they could use a better term than “hacking” to describe their most common type of tactic. Perhaps “manual intervention”?



I’d love to see some sort of analysis of controls in this report, or a similar report. So basically, what controls from, say, the CIS set are most recommended this year based on the DBIR findings?



That’s not a bullseye because every company is different, but maybe they could do a recommended controls list for each industry or something.



Anyway, solid stuff as usual from the team. And I enjoyed the summary as well.



Notes


I imagine a lot of these questions were answered in the full version of the report. This is an analysis of the executive summary.



I do a weekly show called Unsupervised Learning, where I curate the most interesting stories in infosec, technology, and humans, and talk about why they matter. You can subscribe here.

Published on May 11, 2017 20:43

Daniel Miessler's Blog