A Symantec report says that most breaches at small to midsize businesses are caused by people, not malware.

The security software provider released the findings of its 2009 Storage and Security in SMBs survey. The study found that while SMBs are familiar with cyber risks and have clearly defined goals for security and storage, a surprisingly high number have yet to take even the most basic steps towards protecting their businesses, such as implementing antivirus or backing up their data. The study is based on surveys of 1,425 small and medium businesses in 17 countries during the first quarter of 2009.

“Many small and midsized businesses are at a crossroads—aware of the need to strengthen their IT security infrastructure but unsure how to do so with limited resources,” said Kevin Murray, senior director, product marketing, Symantec. “As with their enterprise counterparts, security threats to small and midsized businesses are increasing in complexity, number and frequency, and the volume of information they must protect and maintain continues to expand.”

According to Newsweek, your identity isn’t worth quite what it used to be. In fact, the value of stolen credit card data has dropped tenfold from what it was worth 10 years ago, and is now selling from $3 to as little as 40 cents.

Experts believe that because there are so many criminals buying and selling identities on the black market, the supply of goods is high. Therefore, it makes sense that the prices are dropping. Sophisticated phishing attacks and major data breaches have turned underground distribution channels into an overstocked market.

Today’s criminals are also acting like business executives. They’re branding and marketing, researching new techniques, partnering, and cutting prices.