Most 2013 Data Breaches Affected E-Commerce and POS Systems: Trustwave

Trustwave has released its Global Security Report for 2014.

The new study is based on data gathered from 691 breach investigations and focuses on security threats, cybercrime and data breaches. Payment card data continues to be the top type of data that’s compromised in breaches. However, the percentage of data thefts involving confidential, non-payment card data has reached 45 percent in 2013. This represents a 33 percent increase compared to the previous year. 

Around 54 percent of the attacks that took place in 2013 targeted e-commerce systems. Point-of-sale (POS) attacks are next with 33 percent. In fact, experts believe that these two types of breaches will dominate the landscape in the upcoming years. 

In addition to POS and e-commerce assets, cybercriminals also targeted data centers, which accounted for 10 percent of breaches.   

Most of the targeted organizations are in the United States (59 percent), followed at a distance by the United Kingdom (14 percent), Australia (11 percent), Hong Kong and India (both at two percent). Canada, New Zealand, Belgium, Ireland and Mauritius also make the top ten with one percent each.  

The largest share of breaches, 35 percent, affected the retail industry. This isn’t surprising considering that 40 million payment card records and 70 million personal information records were compromised in the Target breach alone. Other highly targeted sectors are food and beverage (18 percent) and hospitality (11 percent).

In most cases, cybercriminals rely on malware to steal sensitive information from targeted organizations. In 78 percent of cases, these pieces of malware are delivered via Java applets designed to exploit Java vulnerabilities.  

Java, Adobe Flash, Adobe Reader and other third-party applications accounted for 85 percent of the exploits used in the cyberattacks launched last year.

Unfortunately, many organizations are still incapable of detecting data breaches themselves. Trustwave’s report reveals that 71 percent of victims are notified by others.  

In cases where data breaches were detected by the targeted organization, the median number of days it took to contain an incident was one. On the other hand, organizations notified by third parties managed to contain a breach in two weeks. 

The report shows that 67 percent of victims managed to contain the breach within 10 days. On the bright side, the amount of time it took organizations to contain a breach decreased in 2013 compared to 2012. 

“Security is a process that involves foresight, manpower, advanced skillsets, threat intelligence and technologies,” said Robert J. McCullen, Chairman and CEO at Trustwave. “If businesses are not fully equipped with all of these components, they are only increasing their chances of being the next data breach victim.”

“As we have seen in our investigations, breaches are going to happen. However, the more information businesses can arm themselves with regarding who are their potential attackers, what those criminals are after and how their team will identify, react and remediate a breach if it does occur, is key to protecting their data, users and overall business.”  

You can download the full 2014 Trustwave Global Security Report from Trustwave’s website.   

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
