The following image is the one that you’d never expect. It is a graph from a fairly large data set created using an experiemental model. Using the OSI 7 Layer model the layer 0 for kinetic and layer 8 for people set the spectrum from left to right. This is preliminary data and not something y’all are going to get your greedy little hands on cheaply, but in general the image depicts the following.
1) A volume of incidents were evaluated using open sources to determine the layer of the OSI model that “best” expresses the incident. You can find one of the mechanisms utilized elsewhere on the blog.
2) The other element evaluated was the confidential, integrity, availability element of the breach or exposure.
Some interesting patterns are obviously becoming apparent.
This is interesting. It would seem from your graph that social engineering attacks are becoming less prevalent. This doesn’t seem to jibe with at least the well-publicized attacks. Perhaps the real data is less interesting to the media?
As a nit to pick, I’d suggest modifying the graph to remove the values that don’t correspond to actual layers.
There are several reasons why the data could be skewed 1) in 2007/8 was the recession and companies got rid of security 2) the reporting follows trends and also is deeper some years due to reporters covering
Yes I thought about delimitaring and structuring the graph better but this how it was in my notebook. It’s just another item from my project notebook. I’ve got the 3d version of vulnerabilities somewhere around here also.
Thanks for the comment completely valid points.