If you’ve been to my workshop on selling security, I talk about the information stored in university systems which are targeted by identity thieves.  Here’s a report on recent attacks against public school systems.  Hackers are cyphoning off data, transferring it to money mules for laundering, and making off with amounts from 100,000 to 200,000…no one’s been caught according to this report.  At the end of the article, a link takes you to some information on small/medium business, another sought after target.  Both generally have poor security and have not wanted to invest in the past.  Justification requires a demonstration of how easy it is – generally through an assessment of some sort.  The long term potential of these type of accounts is great for small resellers with strong managed security offerings.

http://voices.washingtonpost.com/securityfix/2009/09/cyber_mob_targets_public_priva.html