I get a lot of security reports from vendors and, although some of them are nonsense, the annual Data Breach Investigations Report from Verizon Business is always a must-read. That’s because the results are based on first-hand evidence from Verizon, the U.S. Secret Service, law enforcement agencies in Holland, Australia, Ireland and London’s Metropolitan Police.

As a result Verizon looked at a lot of data: 855 incidents involving 174 million compromised records – an astounding increase compared to last year's four million compromised records.

The report is filled with notable information and recommendations, so I suggest you read it for yourself. But here are some of the highlights.

First the good news:

- Company employees were less likely to be behind breaches – only 4 percent, down 13 percent from the year before.
- There were also fewer breaches involving physical attacks (10 percent of the total, a 19 percent drop) and social media tactics (7 percent, down 4 percent), and only 5 percent were caused by privilege misuse, a drop of 12 percent compared to the year before.
- Bad guys still aren’t going after particular people – 79 percent of the victims were targets of opportunity.

OK, now that we’ve got that out of the way, let’s move on. What comes next is damn depressing because it means organizations still don’t have a clue.

- Nearly all of the attacks – 96 percent – weren’t highly difficult to pull off. While Flame and other cutting-edge malware grab headlines, the real problem is still likely to be stupid passwords.
- 85 percent of the breaches TOOK WEEKS OR MORE TO DISCOVER (up 6 percent from the previous report). In cases involving intellectual property, 31 percent of the breaches TOOK YEARS TO DISCOVER.
This is explained by the fact that:

- 92 percent of the incidents were discovered by third parties (also up 6 percent).
- 97 percent of the breaches could have been avoided by simple or intermediate controls, such as changing passwords regularly and using firewalls or access-control lists on remote access/admin servers.

This year Verizon also issued some industry-specific reports on finance and insurance, intellectual property, retail, health care, and accommodations and food service. In addition to reading the reports for your particular industry, you'll benefit from reading the IP report.