My daily visit to RiskStop.org led me to a presentation titled 10 Things the Security Auditor Saw. The presentation is based on data from Deloitte's 6th Annual Global Security Survey.
Number one on the list? Excessive Access Rights. Will I be accused of FUD for pointing out that this is a problem? View the presentation for yourself to see how numbers 1, 3, 4, 6, 7, & 8 are tightly related and even solved with the same swoosh of your magic wand (or samurai sword, depending on what type of geek you are).