Verizon's takeaway is that organisations should prioritise defending themselves from the other attacks are working and stop worrying about attacks that will probably only materialise when mobile has been fully integrated into business.
Meanwhile, back with the breach reports that have made the DBIR such an annual event suffice to say that the 2,122 confirmed in 2014 across 61 countries was significantly up from the 1,376 in 2013. This is largely down to the expanded list of organisations contributing reports of real-world incidents - 70 against 50 -although it is also possible that as a record year for disclosed breaches, the rise is real too.
It is striking, however, that other aspects of data beaches have stayed almost the same from year to year in the DBIR with the balance of external actors staying around 85 percentage with most of the rest internal staff and a tiny segment by or through partners. There is also evidence that breaches are taking longer to detect over time, usually more than a few days.
Another theme is the insane problem of patching with only ten Common Vulnerability and Exposures (CVEs) accounting for 97 percent of the exploits seen in 2014. Many vulnerabilities are also exploited with a month of being made public, which means that public disclosure is a good indicator of the flaws that should be addressed most urgently, Verizon said.
With old flaws aplenty to choose from, "apparently, hackers really do still party like it's 1999."
Sign up for CIO Asia eNewsletters.