What IT security lessons should you draw from the Verizon DBIR?
Conclusion:The latest Verizon Data Breach Investigation report (2011) continues many of the themes drawn out since its first publication in 2008. However, the DBIR is not a best practice guide on how to secure organisational data; it is an aggregation of cases where organisations failed to secure theirs. Consequently, the DBIR should be viewed as a document which identifies worst practice, and provides instructions on how not to be a follower of worst practice. Some of the breaches that have made headlines this year show that even well-resourced organisations can overlook the basics of IT security.