Security vendor Trustwave has conducted an investigation into the data breaches – and the results have thrown up some interesting stats.
The company’s 2012 Global Security Report looked at more than 300 data breach investigations and 2,000 penetration tests performed by its SpiderLabs division, a group focused on forensics, ethical hacking and application security testing.
In terms of where the cybercriminals are focusing their efforts, for the second year running the food and beverage industry was the top target, making up 44% of investigations examined by Trustwave.
Franchise and chain stores were more attractive to cybercriminals than independent stores, primarily because they will use the same IT systems throughout the chain. Trustwave points out that if a hacker can breach one store, the rest in the chain are likely to be hit as well. Franchise and chain stores made up one-third of the 2011 investigations, the report said.
And what are the cybercriminals after? Customer details, of course. The vast majority (89%) of investigations were on breaches that targeted customer records, such as credit cards and personal details.
The report also revealed that despite the headlines and big news stories about data breaches, companies are still leaving themselves wide open to attacks. Analysis of two million business passwords revealed that the most common is… "Password1". Not only does it satisfy he default Microsoft Active Directory complexity setting but it is also easy to remember.
This echoes results from SplashData, who revealed the 25 worst passwords in late 2011. "Password" was top in that research, followed by "123456".
Companies also failed dismally at detecting when they had been breached, with just 16% of victims being able to detect the breach themselves. The rest relied on a combination of the public and regulators to alert them.
Overall, Trustwave conducted 42% more investigations in 2011 compared to 2010.
"Any organisation can be a target, but as detailed in our report findings, those most susceptible are businesses that maintain customer records or that consumers frequent most, including restaurants, retail stores and hotels," said Nicholas J. Percoco, senior vice president and head of Trustwave SpiderLabsPercoco.
"We advise organisations review our strategic recommendations for 2012 and take steps toward employing better security across their organisations," he added.
So what does Trustwave recommend organisations do to keep secure during 2012? The report concludes with the following six steps:
- Education of Employees – the best intrusion detection systems are neither security experts nor expensive technology, but employees. Security awareness education for employees is the first line of defence.
- Identification of Users – focus on achieving a state where every user-initiated action in your environment is identifiable and tagged to a specific person.
- Homogenisation of Hardware and Software – fragmentation of enterprises’ computing platforms is an enemy to security. Reducing fragmentation through standardisation of hardware and software, and decommissioning old systems, will create a more homogenous environment that is easier to manage, maintain and secure.
- Registration of Assets – a complete inventory or registry of valid assets can provide the insight needed to identify malware or a malicious attack.
- Unification of Activity Logs – combining the physical world with the digital affords organisations with new ways to combine activities and logs to identify security events more quickly.
- Visualisation of Events – log reviews alone are no longer sufficient. Visualising methods to identify security events within the organisation better narrows security gaps.