I learned an astounding bit of statistics yesterday in a webcast presentation by Andrew Jaquith, Senior Analyst, Forrester Research.  Using source data from DatalossDB.org, Andrew reported that in 2009, 138 million data records were breached.  By any measure, that’s a lot of data, resulting in large financial losses to corporations and lots of consternation to individuals whose identities may be included in those data breaches.

Did the majority of these losses result from stolen or lost laptops or thumb drives or backup tapes that fell off the truck? 

Surprisingly, NO! Of the 138 million breached records, a full 133 million breached records occurred at the server level.

Reinforcing this concept, the Verizon 2010 Data Breach Investigations Report stated that compromises of database servers comprised 25% of breaches, but 98% of total records.

So, while we may hear about more case of data breaches occurring from edge devices, the real challenge is protecting the core database from threats.

This reminds me of the Henry David Thoreau quote: “There are a thousand hacking at the branches of evil to one who is striking at the root.”