Just a fun observation from a CSO Summit about data theft "Russian-style."
So, you are a CSO for a major org (say a government agency, a bank or an Internet provider); you walk down the street and pass a typical street vendor selling books, software, etc. Suddenly you see "a database on DVD" for sale. You look closely and - oops! - it is your customer database with names, passport numbers, addresses, etc. Fun! :-)