Episode 188: DBIR 2026 Insights and Collaboration with CIS

In episode 188 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager sit down with Philippe "Phil" Langlois, Data Breach Investigations Report (DBIR) Author at Verizon; and Charity Otwell, Director of the CIS Critical Security Controls® (CIS Controls®) at the Center for Internet Security® (CIS®). Together, they discuss some of the top insights of the 2026 DBIR and how CIS contributed to the publication.

Here are some highlights from our episode:

  • 00:50. Introductions to Phil and Charity
  • 02:46. Vulnerability exploitation as the most common attack vector
  • 05:25. The role of artificial intelligence (AI) in threat actors' natural system thinking
  • 07:03. The need for clear governance and responsibility around vulnerability management
  • 08:58. Insight into the types of techniques threat actors research using frontier AI models
  • 13:43. A trending drop in ransomware payouts and organizations willing to pay attackers
  • 14:59. Why a healthy dose of distrust goes a long way in assessing attackers' claims of victims
  • 16:24. How two ransomware groups stand out above the norm
  • 17:49. The ongoing risk surrounding vendor, supplier, and other third-party exposure
  • 22:34. The need for governance in managing data issues involving the use of AI
  • 27:14. Three ways in which CIS contributed to the 2026 DBIR
  • 34:02. How the 2026 DBIR informs the CIS Controls and parting actionable steps

Resources

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing [email protected].

As of June 23, 2025, the MS-ISAC has introduced a fee-based membership. Any potential reference to no-cost MS-ISAC services no longer applies.