It's becoming easier and easier for the Bad Guys to access organizations' sensitive data because many companies fail to use simple safeguards, according to a report from Verizon Business. Most data breaches also take weeks or longer to discover, the report says. I get a lot of security reports from vendors and, although some of them are nonsense, the annual Data Breach Investigations Report from Verizon Business is always a must read. That’s because the results are based on first-hand evidence from Verizon, the U.S. Secret Service, law enforcement agencies in Holland, Australia, Ireland and London’s Metropolitan Police. As a result Verizon looked at a lot of data: 855 incidents involving 174 million compromised records–an astounding increase compared to last year’s four million compromised records. The report is filled with notable information and recommendations, so I suggest you read it for yourself. But here are some of the highlights. First the good news: Company employees were less likely to be behind breaches–only 4 percent, down 13 percent from the year before. There were also fewer breaches involving physical attacks (10 percent of the total, a 19 percent drop) and social media tactics (7 percent, down 4 percent), and only 5 percent were caused by privilege misuse, a drop of 12 percent compared to the year before. Bad guys still aren’t going after particular people–79 percent of the victims were targets of opportunity. OK, now that we’ve got that out of the way, let’s move on. What comes next is damn depressing because it means organizations still don’t have a clue. Nearly all of the attacks–96 percent–weren’t highly difficult to pull off. While Flame and other cutting edge malware grab headlines, the real problem is still likely to be stupid passwords. 85 percent of the breaches TOOK WEEKS OR MORE TO DISCOVER (up 6 percent from the previous report). In cases involving intellectual property, 31 percent of the breaches TOOK YEARS TO DISCOVER. This is explained by the fact that: 92 percent of the incidents were discovered by third parties (also up 6 percent). 97 percent of the breaches could have been avoided by simple or intermediate controls, such as changing passwords regularly and using firewalls or access-control lists on remote access/admin servers. This year Verizon also issued some industry-specific reports on finance and insurance, intellectual property, retail, health care, and accommodations and food service. In addition to reading the reports for your particular industry you’ll will benefit from reading the IP report. Related content opinion Why Bitcoins are Just as Viable as Any Other Currency The true value of any currency is a reflection of how much people believe it's worth, according to CIO blogger Constantine von Hoffman. But it's wise to remember just how fast beliefs can change. By Constantine von Hoffman Apr 15, 2013 4 mins Government Technology Industry opinion No Surprise: Docs Show Obama Administration Lying About Drones President Obama has repeatedly said drones would only be used against members of al Qaida and allied groups. However, leaked intelligence documents show the administration has been using them to settle political and tribal feuds for at least four yea By Constantine von Hoffman Apr 10, 2013 3 mins Regulation Government opinion How Big Data Can Quickly Become Big Garbage The bigger the data the bigger the chance of mistakes or inaccuracies. In that vein, a large database used by retailers to screen people accused of stealing from employers is identifying innocent people and could result in major lawsuits, according t By Constantine von Hoffman Apr 04, 2013 2 mins Big Data opinion Why Crazy Trumps Logic on the Internet The earth is flat. Vaccines cause autism. 9/11 was a government conspiracy. These are just a few of the many ideas that continue to find adherents online despite overwhelming proof that they're not based on fact. CIO.com blogger Constantine von By Constantine von Hoffman Apr 02, 2013 3 mins Government Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe