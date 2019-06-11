Reading the Verizon Data Breach Investigations Report (DBIR) is a humbling experience for an information security professional. While the gist of the report remains more or less the same every year, it gives a good glimpse of the mechanics, scale, and intractability of security issues that organizations deal with on an ongoing basis.

This year’s Verizon DBIR is built on an analysis of about 42,000 security incidents and 2,000 breaches in 2018 across a wide variety of industries. The report uses the VERIS (Vocabulary for Event Recording and Incident Sharing) framework to collect and present incident and breach data. It spells out popular threat actions and attack paths that have led to successful data breaches. In this blog post, I summarize my takeaways from the 2019 DBIR.