Alex Pinto

@alexcpsec

as is tradition, I just published my commentary on this year's Verizon Data Breach Investigations Report (aka #DBIR): https://kellyshortridge.com/blog/posts/shortridge-makes-sense-of-verizon-dbir-2025/

In the post, I include the following sections covering what I felt were the most notable insights and facets in the report:

🌍 So, what?

💃 Espionage: fast fashion or couture?

👻 APTs go BWAA-haha >:3

💸 How do the money crimes generate money?

🤖 Attackers are still not really using GenAI

👩‍🍳 If you can’t make your own 0day, store-bought creds are fine

🔓 #Security was the real supply chain threat all along

🍄 Things Rot Apart

🕵‍ Scooby Doo's Spooky Kooky Corporate IT Caper

🌈 At least some things are improving somewhere

Go forth and enjoy my commentary, and then make sure to find me at #RSAC to tell me what you loved or hated Tuesday 14:30 at the @fastlydevs booth (where you'll also get a free copy of my book ✨)

thanks @alexcpsec for the early copy <3

Shortridge Makes Sense of Verizon's 2025 Data Breach Investigations Report (DBIR)

This post includes Shortridge’s commentary and summary of Verizon’s 2025 Data Breach Investigations Report (DBIR).

Sensemaking by Shortridge

The 2025 #DBIR is out! Go get it.

Verizon.com/dbir

@realn2s @shortridge yes, but remember all of those folks were breached and had costs with IR, recovery. The threat actors are getting less of it, and that is good news, but the breached orgs themselves still “suffer”.

@shortridge @realn2s what Kelly said. Those were after compromise and ransom was requested by threat actor (and subsequently notified to the FBI IC3).

The 2024 Verizon Data Breach Investigations Report (#DBIR) is out this morning, and I make sense of it in my new post: https://kellyshortridge.com/blog/posts/shortridge-makes-sense-of-verizon-dbir-2024/

I focused on what felt like the most notable points, from #ransomware to MOVEit to web app pwnage to #GenAI and more.

I have insights, quibbles, and hot takes as always — but the fact remains it’s our best source of empirical data on cyberattack impacts. If you’re a #cybersecurity vendor, please consider contributing data to it.

Shortridge Makes Sense of the 2024 Verizon DBIR

This post includes my commentary and summary of the 2024 Verizon Data Breach Investigations Report (DBIR).

Sensemaking by Shortridge

We are happy to contribute once more with our malware & honeypot statistical data to the @Verizon 2024 Data Breach Investigations Report! (#VZDBIR)

Download at https://verizon.com/business/resources/reports/dbir/

2025 Data Breach Investigations Report

The 2025 Data Breach Investigations Report (DBIR) from Verizon is here! Get the latest updates on real-world breaches and help safeguard your organization from cybersecurity attacks.

Verizon Business

@nmott I’m taken, but glad you are enjoying it!

Verizon's Data Breach Investigations Report covers a lot of sectors of society, including #education. This year's #DBIR reports that 98% of breaches and #cybercrime affecting schools were financially motivated.

What was that famous thing a bank robber once said about going where the money is? Is someone going to tell them?

https://www.verizon.com/business/resources/reports/2024-dbir-data-breach-investigations-report.pdf

Just a quick reminder:

Next week we close the data collection window for the 2024 #DBIR.

If your org has been sitting on YET ANOTHER 3rd party breach affecting your company, please make it public before Oct 31st and help a DBIR author out. 🫠