Trustwave has released its Global Security Report for 2014.
The new study is based on data gathered from 691 breach investigations and focuses on security threats, cybercrime and data breaches. Payment card data continues to be the top type of data that’s compromised in breaches. However, the percentage of data thefts involving confidential, non-payment card data has reached 45 percent in 2013. This represents a 33 percent increase compared to the previous year.
Around 54 percent of the attacks that took place in 2013 targeted e-commerce systems. Point-of-sale (POS) attacks are next with 33 percent. In fact, experts believe that these two types of breaches will dominate the landscape in the upcoming years.
In addition to POS and e-commerce assets, cybercriminals also targeted data centers, which accounted for 10 percent of breaches.
Most of the targeted organizations are in the United States (59 percent), followed at a distance by the United Kingdom (14 percent), Australia (11 percent), Hong Kong and India (both at two percent). Canada, New Zealand, Belgium, Ireland and Mauritius also make the top ten with one percent each.
Most breaches, 35 percent to be more exact, affected the retail industry. This isn’t surprising considering that 40 million payment card records and 70 million personal information records were compromised in the Target breach alone. Other highly targeted sectors are food and beverage (18 percent) and hospitality (11 percent).
In most cases, cybercriminals rely on malware to steal sensitive information from targeted organizations. In 78 percent of cases, these pieces of malware are delivered via Java applets designed to exploit Java vulnerabilities.
Java, Adobe Flash, Adobe Reader and other third-party applications accounted for 85 percent of the exploits used in the cyberattacks launched last year.
Unfortunately, many organizations are still incapable of detecting data breaches themselves. Trustwave’s report reveals that 71 percent of victims are notified by others.
In cases where data breaches were detected by the targeted organization, the median number of days it took to contain an incident was one. On the other hand, organizations notified by third parties managed to contain a breach in two weeks.
The report shows that 67 percent of victims managed to contain the breach within 10 days. On the bright side, the amount of time it took organizations to contain a breach decreased in 2013 compared to 2012.
“Security is a process that involves foresight, manpower, advanced skillsets, threat intelligence and technologies,” said Robert J. McCullen, Chairman and CEO at Trustwave. “If businesses are not fully equipped with all of these components, they are only increasing their chances of being the next data breach victim.”
“As we have seen in our investigations, breaches are going to happen. However, the more information businesses can arm themselves with regarding who are their potential attackers, what those criminals are after and how their team will identify, react and remediate a breach if it does occur, is key to protecting their data, users and overall business.”
You can download the full 2014 Trustwave Global Security Report from Trustwave’s website.