Alex Pinto
Alex Pinto boosted:
Kelly Shortridge shortridge@hachyderm.io
2025-04-24

as is tradition, I just published my commentary on this year's Verizon Data Breach Investigations Report (aka #DBIR): kellyshortridge.com/blog/posts

In the post, I include the following sections covering what I felt were the most notable insights and facets in the report:

🌍 So, what?

💃 Espionage: fast fashion or couture?

👻 APTs go BWAA-haha >:3

💸 How do the money crimes generate money?

🤖 Attackers are still not really using GenAI

👩‍🍳 If you can’t make your own 0day, store-bought creds are fine

🔓 #Security was the real supply chain threat all along

🍄 Things Rot Apart

🕵️ Scooby Doo's Spooky Kooky Corporate IT Caper

🌈 At least some things are improving somewhere

Go forth and enjoy my commentary, and then make sure to find me at #RSAC to tell me what you loved or hated Tuesday 14:30 at the @fastlydevs booth (where you'll also get a free copy of my book ✨)

thanks @alexcpsec for the early copy <3

Alex Pinto alexcpsec
2025-04-23

The 2025 is out! Go get it.

Verizon.com/dbir

Alex Pinto alexcpsec
2024-06-25
Alex Pinto alexcpsec
2024-05-02

@realn2s @shortridge yes, but remember all of those folks were breached and had costs with IR, recovery. The threat actors are getting less of it, and that is good news, but the breached orgs themselves still “suffer”.

Alex Pinto alexcpsec
2024-05-01

@shortridge @realn2s what Kelly said. Those were after compromise and ransom was requested by threat actor (and subsequently notified to the FBI IC3).

Alex Pinto boosted:
Kelly Shortridge shortridge@hachyderm.io
2024-05-01

The 2024 Verizon Data Breach Investigations Report (#DBIR) is out this morning, and I make sense of it in my new post: kellyshortridge.com/blog/posts

I focused on what felt like the most notable points, from #ransomware to MOVEit to web app pwnage to #GenAI and more.

I have insights, quibbles, and hot takes as always — but the fact remains it’s our best source of empirical data on cyberattack impacts. If you’re a #cybersecurity vendor, please consider contributing data to it.

Alex Pinto boosted:
The Shadowserver Foundation shadowserver@infosec.exchange
2024-05-01

We are happy to contribute once more with our malware & honeypot statistical data to the @Verizon 2024 Data Breach Investigations Report! (#VZDBIR)

Download at verizon.com/business/resources

Alex Pinto alexcpsec
2024-05-01

@nmott I’m taken, but glad you are enjoying it!

Alex Pinto boosted:
2024-05-01

Verizon's Data Breach Investigations Report covers a lot of sectors of society, including #education. This year's #DBIR reports that 98% of breaches and #cybercrime affecting schools were financially motivated.

What was that famous thing a bank robber once said about going where the money is? Is someone going to tell them?

verizon.com/business/resources

Alex Pinto alexcpsec
2023-10-24

Just a quick reminder:

Next week we close the data collection window for the 2024 .

If your org has been sitting on YET ANOTHER 3rd party breach affecting your company, please make it public before Oct 31st and help a DBIR author out. 🫠

Alex Pinto alexcpsec
2017-04-03

@hrbrmstr it is indeed. but for how long?
