Top data-breach causes

16.10.2008

Common attack pathways include remote access and control, Web applications, Internet-facing systems, physical access, and -- lower on the list -- wireless networks. Remote-access and control software, often used by outside vendors to administer systems, was an attack pathway in 40% of the investigations. On many occasions, the administrative accounts intended for vendors or outsource partners were compromised by external entities. Verizon found that in many of these cases, the remote-access account was configured with default settings, making it easier for a hacker to use the account to take control.

There's lots more detail in the team's report. It's a worthwhile read for all IT security personnel, network and systems administrators, and data security officers. After all, where data breaches are concerned, it's better to learn from someone else's experiences than from your own.

Another source I like to use to learn about the root cause of data breaches is a service called The Breach Blog. This blog has anecdotal information about cases reported to the public, usually in a news release. An overwhelming number of the cases listed here are attributed to lost or stolen laptops or portable media devices like USB thumb drives, unauthorized use of data by employees, and such careless acts as inadvertently posting information on the Web or sending sensitive data via peer-to-peer file transfer.

If there's anything I glean from this blog, it's that it's necessary to educate people about data security measures, as well as to impose policies and implement technologies designed to safeguard data. For instance, encrypting the hard disk on laptops could help prevent breaches when the PC is lost or stolen. In case after case on The Breach Blog, the data on a lost laptop or thumb drive is not encrypted, and the device isn't even password-protected.

No organization wants to be in the headlines for a data breach. Understanding how many breaches occur could help you implement countermeasures that will keep your organization out of The Breach Blog.