2009 Data Breach Investigation Report // 2009-04-15 -
http://isc.sans.org/diary.html?storyid=6202 ;
http://www.informationweek.com/shared/printableArticle.jhtm?articleID=216500718
April 15, 2009 - "More electronic records were exposed in 2008 than in the previous four years combined and most of those breaches - nine out of 10 - could have been easily avoided with basic preventative controls consistently applied... Among the report's* findings: 91% of all compromised records were linked to organized criminal groups; customized malware attacks doubled; and the most common attack vectors were default credentials and SQL injection... 99% of breached records were accessed through servers and applications, rather than desktop computers, notebooks, mobile phones, or portable media..."
*
http://www.verizonbusiness.com/products/security/risk/databreach/
http://www.javelinstrategy.com/2009/02/09/nearly-10-million-americans-hit-by-identify-theft/
February 9, 2009 - "... identity theft is on the rise, jumping to a record
9.9 million victims in 2008
, which is up 22% from 2007. Approximately one in 23 U.S. adults became victims... Improper use of checkbooks and credit or debit cards after a wallet or pocketbook is lost or stolen remains the most common means of identity theft — 43% of all incidents can be traced to this cause. About 25% of victims had their PINs compromised on ATM cards. Online fraud was the reason for 11% of cases..."
http://blog.trendmicro.com/most-abused-infection-vector/
Dec. 7, 2008 - "... malware data from January to November 2008... a majority of the top 100 malware that was most prevalent during this year arrived by surfing malicious or unknown sites..." (Charts available at the URL above.)
June 11, 2008 - "... for 90% of the known vulnerabilities exploited, patches were available for at least six months prior to the attack... suggests that installing software patches as soon as they're made available will significantly reduce the chance of a data breach*..."