Verizon 2011 DBIR: The data breach report
It was published almost a month ago but I missed it :/
I'm not going to write a summary of the document, nor elaborate on the conclusions – the report includes that information and it's detailed, as usual, and emphasizes the most important points. However, there's a paragraph in the conclusions that I can't resist echoing. And the paragraph is:
We find that many organizations achieve very high levels of security in numerous areas but neglect others. Criminals will almost always prefer the easier route. Identifying a set of essential controls and ensuring their implementation across the organization without exception, and then moving on to more advanced controls where needed is a superior strategy against real-world attacks.
So, according to Verizon, it's more important to achieve a baseline of controls across the organization, without giving up on their implementation, than to implement half a dozen special controls. It's hard to disagree, really. But what they found can be seen far too often.
The PDF? Here: verizonbusiness.com/...