A most sincere thank you, dear reader, for joining us for this, the 11th installment of the Verizon Data Breach Investigations Report (DBIR). It is difficult to overstate our gratitude to you for your continued interest in and support of this publication. Over the last 11 years, there have been various twists and turns, iterations and additions to the DBIR, but our ultimate goal has remained the same—to inform you on the threats you face and to provide support, instruction and encouragement on how best to protect against them. This year we have over 53,000 incidents and 2,216 confirmed data breaches.
The report is full of dirty deeds and unscrupulous activities committed by strangers far away and by those you thought you knew. It is our continued hope that you can take away useful and instructive tips from this report to help you avoid having those things happen to you in 2018. The quote at the beginning of this section was spoken by a young boy about to go into battle for the first time, and if we are honest, we can all probably identify with him to some degree. We all crave safety (and perhaps also ale), but it seems there’s no safety to be had in today’s world. The reality is that there has never been a world devoid of risk at any time, but at least in the past no one was bombarded by incessant negativity (unless their mother in law lived with them), with rumors of disaster, economic collapse, war and famine pouring in an unending stream into their lives from TVs, laptops, tablets and phones. Modernity affords us little refuge from the onslaught of depressing and distressing media headlines. What then should we do? Unplug everything, stock up on MREs (meals ready to eat) and move to the mountains? It’s one option, but you’d probably miss things such as indoor plumbing and air conditioning. Another (and we think, better)
alternative is to accept that while there’s little guarantee of total safety, there does exist the ability to proactively act to protect what you value. At first glance, it is possible that one could view this report as describing an information security dystopia since it is made up of incidents where the bad guys won, but we don’t think that is the correct way to look at it. Rather than simply seeing the DBIR as a litany of nefarious events that have been successfully perpetrated against others and therefore, may happen to you, think of it more as a recipe for success.