In my last blog post, I discussed the increase in reported breaches caused by insiders.  What I didn't tell you was that the loss from those breaches was primarily (49%) embezzlement and related fraud.  Only 3% of the records breached were from inside attacks. 
This is important to note.  The controls you need in place to prevent embezzlement, skimming and other types of fraud may be different than those you need to protect static database records or file type data.  Understanding where your attacks are coming from and the target of those attacks can be very useful in selecting and placing controls.

On the flip side, 98% of the records compromised (customer, patient, etc.) were from external sources.  Of this, 85% of the records were attributed to organized crime.  WOW!  I knew the number was high but that was surprising to me. 

Makes me second guess my career choice.  Here I am tracking organized crime for a living and I don't even get to carry a gun.  All kidding aside though.  This too should be a wake up call.  Knowing where our attacks are coming from is important.  Organized crime has the resources, capital and manpower to do significant damage when they want to.  The days of implementing simple security controls which are not interconnected and sharing information will come to an end.  As the attacks get more complex so must our defenses.

Don't read too much into all of this though.  As pointed out in the report, 96% of all breaches were unsophisticated.  Start small and work you way into a robust risk management and security program.  Like the old addage goes...you only have to be faster than the slowest gazelle.  That's if there's only one lion.