So not exactly hot of the presses, but worth a looksee is Verizon's 2010 Data Breach Report. I will let you all peruse the 66 pages of intelligence in terms of data breaches. However there are definitely some interesting facts in just the summary (well duh I suppose):

• 70% of data breaches occurred from outside sources


• 48% of data breaches caused by insiders

Of all the breaches:

• 48% of data breaches were caused by privilege misuse


• 40% of data breaches were caused by hacking


• 38% of data breaches utilized malware


• 28% of data breaches utilized social tactics


• 85% of all attacks were NOT CONSIDERED DIFFICULT


• 96% of breaches could have been MITIGATED BY SIMPLE OR INTERMEDIATE CONTROLS

Nevermind the simples maths behind this (I am assuming there is merging in a lot of these factors) but the last two bullets are mind-boggling yet not suprising. How many attacks do people see out in the field which could be blocked by patching? Or by user-awareness. Obviously not all will be caught (and it only takes one!) however its nice to grab the low-hanging fruit to focus on the tougher to find fruits.