SAN FRANCISCO -- The 2014 Verizon Data Breach Investigations Report (DBIR) is poised to be the largest-ever analysis of data breaches and breach investigations, but it's expected to confirm that enterprises are losing ground in the fight against persistent cyberattacks.
It's clear the bad guys are winning at a faster rate than the good guys are winning, and we've got to solve that.
Wade Baker, managing principal for research and intelligence, Verizon
In a sneak preview of the report for members of the media this week at the 2014 RSA Conference, the communications and security services provider revealed that this year's data set will be derived from nearly 50 contributors, a record number.
The report will include first-time contributions from not only a number of national and international computer emergency response teams, such as CERT Polska and others from Eastern Europe and Latin America, but also from well-known commercial security vendors, including McAfee Inc., FireEye Inc., and Kaspersky Lab, companies that are fierce rivals in most circumstances but are coming together to support Verizon's breach-analysis efforts.
The 2013 DBIR set a record by incorporating breach incident data from Verizon and 18 other organizations around the world; last year's first-time contributors included the U.S. Computer Emergency Readiness Team (US-CERT) and the CERT Insider Threat Center at the Carnegie Mellon University Software Engineering Institute, both of which are returning for 2014.
Wade Baker, managing principal for research and intelligence at Verizon and one of the authors of the DBIR, said this year's mix of forensics providers, CERTs, vendors and new types of data providers covering areas Verizon has never researched before will result in a report that's "fantastically interesting."
"What we want to bring to you is truly everything we can possibly know about, study it and share its findings," Baker said.
However, the enlarged data set likely won't yield a lot of good news for enterprises. In marking the compilation of 10 years of breach data, Baker said the 2014 report will cover a number of long-term trends.
Previewing one slice of that data, Baker showed a chart illustrating how much time attackers usually need to compromise a target versus how much time organizations typically need to discover such a compromise. While being intentionally vague, Baker said attackers usually need just a handful of days to successfully gain unauthorized access to an organization, while on average, organizations need about 25 days to detect each breach. Worse yet, he added, that time-to-detection gap is widening.
More from RSA Conference 2014
Quickly access all of SearchSecurity's coverage of the information security industry's premiere event.
In 60% of the breaches in the 2013 data set, Verizon found that the initial compromises took place over a period of multiple hours, while 62% of breach events were not discovered until months after the initial compromises.
"If this is the ten-year study of where we've come, it's clear the bad guys are winning at a faster rate than the good guys are winning, and we've got to solve that," Baker said. "It's not a simple solution, otherwise someone would've figured it out by now, but it's actually getting worse."
The 2014 DBIR is expected to be released this spring.