
Cyber criminals hit retailers hardest

By Admire Moyo, ITWeb news editor
Johannesburg, 20 Feb 2013
With the massive proliferation of systems that contain cardholder data, the number of targets for attackers is almost inexhaustible, says Trustwave.

The retail business sector and its sensitive data were the most targeted by cyber criminals in 2012.

This was one of the key discoveries in the "Trustwave 2013 Global Security Report", which notes that, for the first time in three years, the retail industry made up the highest percentage of investigations.

According to the report, the retail space saw a 15% increase in breaches in 2012 compared to 2011, nearly equal to the 17% drop in breaches in the food and beverages sector. Over the past three years, it adds, these sectors have been almost interchangeable, with similar network layouts due to the payment systems and software vendors used.

Trustwave says, in these industries, security often becomes an afterthought until a breach is identified.

It also notes that, three years ago, the hospitality industry was hardest hit. However, this industry has made significant strides to resolve data security issues, it adds.

Primary targets

Explaining these findings, Andrew Kirkland, Trustwave's SA country manager, says the retail sector is falling victim to cyber crime because systems that store, process or transmit cardholder data remain primary targets for criminals.

"With the massive proliferation of systems that contain cardholder data, the number of targets for attackers is almost inexhaustible," he explains. "Credit card information is the simplest way for criminals to make cash."

He added that the majority of businesses in this sector do not have adequate to bring their systems up to standard, adding that IT security infrastructure negligence is another factor.

Trustwave also points out that breaches of automated teller machines (ATMs) were less frequent in 2012 than in the previous year. However, when they are successful, they yield a payout many times larger than any other type of cardholder data breach, it adds.

The report also found that Web applications have now emerged as the most popular attack vectors. E-commerce sites were the number one targeted asset, accounting for 48% of all investigations, it adds.

EMEA attackers

It believes attackers who target businesses in the EMEA region are more likely to go after card-not-present transactions and small e-commerce merchants because these merchants have little security awareness.

"Attackers will scan large numbers of merchants looking for well-known vulnerabilities in the e-commerce site or in the software components used - such as off-the-shelf shopping cart software. Typical vulnerabilities exploited here are SQL injections or vulnerabilities in file-upload functionality," the report elaborates.

Trustwave also discovered that mobile malware exploded by 400%. "As organisations embrace mobility, mobile malware continues to be a problem for Android, with the number of samples in Trustwave's collection growing 400% in 2012," the report notes.

Meanwhile, the report also reveals that businesses are slow to "self-detect" breach activity. The average time from initial breach to detection was 210 days, more than 35 days longer than in 2011, it explains.

Most victim organisations (64%) took over 90 days to detect the intrusion, while 5% took three or more years to identify the criminal activity.

Kirkland believes most organisations are overlooking their security systems and do not have adequate budgets to boost security.

Spam decline

According to Trustwave, spam volumes declined in 2012, but its impact on the business did not. It notes that spam volume shrank in 2012 to a level lower than it was in 2007, but spam still represents 75.2% of a typical organisation's inbound e-mail. Most importantly, new malware research conducted by Trustwave found nearly 10% of spam messages to be malicious.

It attributes the drop in spam from 2010 to present to the disruption of major spamming botnets (Rustock, Mega-D, Cutwail, Festi, Lethic and Grum) by law enforcement or researchers. In some cases, it adds, the effects have been temporary, as operators have simply shifted control servers and rebuilt botnets.

It also discovered that basic security measures are still not in place in most organisations. 'Password1' is still the most common password used by global businesses, it notes. Of three million user passwords analysed, 50% of users are using the bare minimum.

"The past year brought another reality check to IT and security professionals," says Robert McCullen, chairman and president of Trustwave.

"We thought we'd officially experienced the 'year of the breach' in 2011. But in 2012, as we continued to transform our businesses - embracing mobility, moving to the cloud, expanding social collaboration, and creating and sharing extraordinary volumes of data - cyber criminals likewise continued to transform and escalate."
