Two new reports have just been released dealing with the state of Internet security; one is from Microsoft, and the other from Verizon. If you are interested in security, I recommend both reports as interesting, if sometimes rather depressing, reading.
Since 2008, Verizon’s RISK Team has published an annual report summarizing security and data breach incidents, and categorizing them on various criteria (e.g., who did it? how was it done?). The 2013 Data Breach Investigations Report [PDF] analyzes data from more than 47,000 security incidents, and 621 confirmed data breaches. This year, the report attempts to assess the prevalence and origins of “espionage” attacks: those whose primary motivation was not mischief, or financial gain, but theft of trade secrets and other intellectual property. There is also an Executive Summary [PDF] available.
I have not had a chance to read these reports yet, but will post further comments here when I have. An essential part of any sensible security analysis is an evaluation of the threats one is guarding against. These reports should provide some information useful in that exercise.