If you haven’t read the Verizon 2012 Data Breach Report, you may want to check it out. It contains a wealth of information on what’s going on in information security breaches. Here’s a link:

http://www.wired.com/images_blogs/threatlevel/2012/03/Verizon-Data-Breach-Report-2012.pdf

Some interesting tidbits:

Who’s behind data breaches:

  • 98% came from external agents
  • 4% implicated internal employees
  • <1% committed by business partners
  • 58% of all data theft tied to activist groups

How do breaches occur?

  • 81% utilized some form of hacking
  • 69% incorporated malware
  • 10% involved physical attacks
  • 7% employed social tactics
  • 5% resulted from privilege misuse

Commonalities in attacks:

  • 79% of victims were targets of opportunity
  • 96% of attacks were not highly difficult
  • 94% of all data compromised involved servers
  • 85% of breaches took weeks or more to discover
  • 92% of incidents were discovered by a 3rd party
  • 96% of victims subject to PCI DSS had not achieved compliance