The Verizon Data Breach Investigations Report isn’t just full of interesting data breach statistics; it also offers enterprise defenders valuable insights on the kind of real-world threats they should be worrying about.
The attack on IT outsourcing giant Wipro appears to have been motivated by gift card fraud, not espionage or a supply-chain attack against another company.
Many organizations are unaware of the intrusion in their networks until the FBI comes calling. An Inspector General audit found that poor record keeping means some organizations don't hear from the FBI, or hear too late to do anything about it.
Enterprise defenders have a very narrow window of opportunity to detect a compromise before attackers spread out through the network and cause more damage. For nation-state attackers, that breakout time is a handful of hours.
Google's Password Checkup Chrome extension tackles the big problem of password reuse by checking what passwords users are using against a database of compromised credentials.