I haven't read the report <http://www.verizonbusiness.com/resources/reports/rp_2010-DBIR-combined-reports_en_xg.pdf>, except for the executive summary at the end of the pdf and another summary here <http://windowssecrets.com/2010/08/19/02-New-analysis-of-stolen-data-brings-surprises/#story1>. Note that 4 out of 5 victims subject to PCI-DSS had not achieved compliance.
From the executive summary:

WHO IS BEHIND DATA BREACHES?
- 70% resulted from external agents (-9%)
- 48% were caused by insiders (+26%)
- 11% implicated business partners (-23%)
- 27% involved multiple parties (-12%)

HOW DO BREACHES OCCUR?
- 48% involved privilege misuse (+26%)
- 40% resulted from hacking (-24%)
- 38% utilized malware (<>)
- 28% employed social tactics (+16%)
- 15% comprised physical attacks (+6%)

WHAT COMMONALITIES EXIST?
- 98% of all data breached came from servers (-1%)
- 85% of attacks were not considered highly difficult (+2%)
- 61% were discovered by a third party (-8%)
- 86% of victims had evidence of the breach in their log files
- 96% of breaches were avoidable through simple or intermediate controls (+9%)
- 79% of victims subject to PCI-DSS had not achieved compliance

----
Michael Heyman

---------------------------------------------------------------------
The Cryptography Mailing List