The 12th Edition Verizon Data Breach Investigations Report (DBIR): Read It And Spring into Action


Guests: Gabriel Bassett | John Grim
Host: Sean Martin

This episode of At The Edge is made possible by the generosity of our sponsor, Interfocus.

The 12th annual edition of the Verizon Data Breach Investigations Report (DBIR) was just released. The release of the DBIR is big news every year; people and companies wait patiently for the report to get published so they can read it and “absorb” it.

Are you one of those people? Did you download it? Did you skim through it? Did you read it cover to cover?

Or, did you (or do you plan to) go that extra step to work through it with your team to help your company operationalize its risk and information security programs?

Hopefully, you take those extra moments to do just that. There’s a ton of data, stories, and actionable information in this report — especially when combined with other reports from Verizon, including the Insider Threat Report and the Data Breach Digests.

Let’s dig into this episode so you can spring into action.


As you know from listening to podcasts here on At The Edge, I try to help organizations and individuals operationalize security — the goal for today’s episode is no different.

Today, I am thrilled to be joined by Gabriel Bassett, Senior Information Security Data Scientist, and John Grim, Senior Manager, Investigative Response Team — both from Verizon Enterprise Solutions.

Based on my experience working in this industry for donkey’s years, many people read the DBIR for its mounds and mounds of stats: who doesn’t like poring over a good set of figures? And, make no mistake about it, some people read it for the funny quips: who doesn’t love a good laugh?

However, there is a lot of information in the report that can be used operationally to define a new information security program or to fine-tune an existing program. Thankfully, Gabriel and John were able to talk through the report in a way that helps people read it and make it actionable. They even provide some specific references to page numbers, sections, and figures within the report: SCORE!

You have to hand it to the attackers. At some point one must have thought “why don’t we skip all the hard hacking and just, you know, ask for the money?”
— [Gabriel’s favorite quote from the report]

While there are many stories and tips shared by both Gabriel and John, one interesting point made during our conversation that stood out for me is that there are many parts of the report that many people skip or miss that can provide significant value to their InfoSec program. Do you know what they are? Do you know what you might be missing?

It’s a great conversation filled with tons of data and a lot of stories — I hope you enjoy it!

About Gabriel Bassett
Senior Information Security Data Scientist, Verizon Enterprise Solutions


Gabriel Bassett is the Senior Information Security Data Scientist on the Verizon Security Research team at Verizon Enterprise Solutions, specializing in data science, machine learning and graph theory applications to cybersecurity. He is the Lead Data Scientist and a Contributing Author of the Verizon Data Breach Investigations Report and Protected Health Information Data Breach Report.

He has previously held cybersecurity risk management, testing, intelligence, architect and program management positions at the Missile Defense Agency and Hospital Corporation of America.

Find Gabriel on Twitter: @gdbassett
Find Gabriel on LinkedIn


About John Grim
Senior Manager, Investigative Response Team, Verizon Enterprise Solutions


John Grim has over 15 years of experience investigating data breaches and cyber security incidents. Currently, John leads a team of highly skilled digital forensics investigators. In this capacity, John responds to cybersecurity incidents, advises on data breach containment and eradication efforts, performs digital forensic examinations, and leads investigative response training and data breach simulation exercises for Verizon customers worldwide.

Prior to joining Verizon, John served 12 years with the U.S. Army investigating security-related incidents with eight years specifically focused on network intrusion investigations and forensic examinations. John has provided computer security related advice, assistance, and formalized instruction to both technical and non-technical audiences.

Find John on LinkedIn
