It is not surprising that customer records would be the main target for attackers. But a database of financial records from a major bank is not their most common target – instead it’s the food and beverage industry that has proved most appetizing.
In its 2012 Global Security Report, Trustwave revealed that for the second year in a row, the food and beverage industry comprised nearly 44 percent of the data breach investigations in 2011. Retail businesses were the second largest group, accounting for nearly 34 percent.
“There is a very low barrier to entry: remote access with weak passwords or vulnerable solutions in place,” he said in an interview with SecurityWeek. “The attackers can have a great deal of time in the environment before being detected. The data they are after is being replenished on a daily basis.”
Passwords, it turns out, are a weak link in many organizations. According to Trustwave, the problem was not just weak passwords, but shared passwords as well. The most common password used by global businesses in “Password1,” because it satisfies the default Microsoft Active Directory complexity setting.
“[Organizations] should be enforcing stronger passwords, but also decide to use 2-factor authentication for all accounts with remote access and/or administrative rights to systems,” Percoco said.
The company investigated more than 40 percent more breaches this past year than in 2010, Percoco said. But while the number of breaches may be disconcerting, arguably even more so is that the number of breaches detected by the victimized organizations themselves stood at only 16 percent. The remaining 84 percent discovered the situation due to third-party information from regulatory, law enforcement or the public.
In cases where the external entity was relied on for detection, the attackers had an average of 173.5 days within the victim’s environment before they were detected.
“The attackers are working very hard to fly under the radar of the organizations they are targeting,” Percoco said. “They perform actions in environments that when taken as a single event are not malicious, but when combined and analyzed by a data breach investigator are indicators of compromise. This is very difficult for target organizations to be able to keep a watch for without the help of an external party for security analysis.”
So what can be done? Here are Trustwave’s top strategic security recommendations for 2012:
• Education of Employees – The best intrusion detection systems are neither security experts nor expensive technology, but employees. Security awareness education for employees is the first line of defense.
• Identification of Users – Focus on achieving a state where every user-initiated action in your environment is identifiable and tagged to a specific person.
• Homogenization of Hardware and Software – Fragmentation of enterprises’ computing platforms is an enemy to security. Reducing fragmentation through standardization of hardware and software, and decommissioning old systems, will create a more homogenous environment that is easier to manage, maintain and secure.
• Registration of Assets –A complete inventory or registry of valid assets can provide the insight needed to identify malware or a malicious attack.
• Unification of Activity Logs – Combining the physical world with the digital affords organizations with new ways to combine activities and logs to identify security events more quickly.
• Visualization of Events – Log reviews alone are no longer sufficient. Visualizing methods to identify security events within the organization better narrows security gaps.
“Any organization can be a target, but as detailed in our report findings, those most susceptible are businesses that maintain customer records or that consumers frequent most, including restaurants, retail stores and hotels,” Percoco said in a statement. “We advise organizations review our strategic recommendations for 2012 and take steps toward employing better security across their organizations.”