Trustwave Report Reveals Global Data Breach and Security Trends
Trustwave SpiderLabs Uncovers New Attack Targets, Warns That Franchises and Chain Stores Most at Risk
(firmenpresse) - CHICAGO, IL -- (Marketwire) -- 02/07/12 -- Trustwave, a leading provider of information security and compliance solutions, today published the , a reflection and analysis of investigations, research and client engagements conducted in 2011. The report's findings are based on more than 300 data breach investigations and 2,000 penetration tests performed worldwide last year by , the advanced security team within Trustwave focused on forensics, ethical hacking and application security testing.
For the second year in a row, the report shows the food and beverage industry is the top target for cybercriminals. Additionally, more than a third of Trustwave SpiderLabs 2011 investigations occurred in a franchise business, and Trustwave researchers expect industries with franchise models will be most at risk in 2012. also unveils surprising findings about the most common password used by global businesses and the riskiest time of day to open an email attachment.
"We believe the Trustwave Global Security Report is the , new and evolving threats, and recommendations of best security practices for organizations," said Nicholas J. Percoco, senior vice president and head of Trustwave SpiderLabs. "In 2011, we performed 42 percent more data breach investigations and assembled a thorough study on business password practices. The information we have gathered highlights security trends and risks that businesses should address in 2012."
Customer records remain a valuable target for attackers, making up 89 percent of breached data investigated. While trade secrets or intellectual property followed at a distant six percent, highly targeted attacks designed to go after that type of data remain a growing concern, as their success rate is extremely high.
Trustwave performed 42 percent more investigations in 2011 than in the previous year -- conducting more than 300 data breach investigations in 18 countries worldwide. The increase in investigations can be attributed to an increase in targeted, sophisticated attacks resulting in breaches, as well as more investigations in the Asia-Pacific region.
For the second year, the food and beverage industry made up the highest percentage of investigations in 2011 at nearly 44 percent.
: Trustwave found that industries with franchise and chain store models are the top targets primarily because franchises often use the same IT systems across stores. If a cybercriminal can compromise a system in one location, they likely can duplicate the attack in multiple locations. More than a third of 2011 investigations occurred in a franchise business and this number is expected to rise in 2012.
Despite headlines regarding data breaches due to poor password practices, global businesses still allow employees and system administrators to use weak passwords. Analyzing the usage and weakness trends of more than 2 million business passwords, Trustwave found that the most common password used by global businesses is "" as it satisfies the default Microsoft Active Directory complexity setting.
8:00 a.m. and 9:00 a.m. (Eastern Time, U.S.) is the most likely time for email sent with a malicious attachment.
Self-detection of compromises decreased in 2011 and only 16 percent of victimized organizations were able to detect the breach themselves. The remaining 84 percent relied on information reported to them by an external entity: regulatory, law enforcement or public. In those cases, in which an external entity was necessary for detection, analysis found that attackers had an average of 173.5 days within the victim's environment before detection occurred.
The good news for organizations is that the effectiveness of law enforcement to detect breaches increased almost five-fold in 2011. Thirty-three percent of organizations that reported a breach were notified by law enforcement, compared to just seven percent the previous year. This increase can be attributed to work performed by groups such as the United States Secret Service, Interpol, Australian Federal Police and UK's Serious Organised Crime Agency.
To improve security posture, Trustwave recommends six focus areas for organizations in 2012:
The best intrusion detection systems are neither security experts nor expensive technology, but employees. Security awareness education for employees is the first line of defense.
Focus on achieving a state where every user-initiated action in your environment is identifiable and tagged to a specific person.
Fragmentation of enterprises' computing platforms is an enemy to security. Reducing fragmentation through standardization of hardware and software, and decommissioning old systems, will create a more homogenous environment that is easier to manage, maintain and secure.
A complete inventory or registry of valid assets can provide the insight needed to identify malware or a malicious attack.
Combining the physical world with the digital affords organizations with new ways to combine activities and logs to identify security events more quickly.
Log reviews alone are no longer sufficient. Visualizing methods to identify security events within the organization better narrows security gaps.
"Any organization can be a target, but as detailed in our report findings, those most susceptible are businesses that maintain customer records or that consumers frequent most, including restaurants, retail stores and hotels," added Percoco. "We advise organizations review our strategic recommendations for 2012 and take steps toward employing better security across their organizations."
Download a complimentary copy of the Trustwave 2012 Global Security Report at: .
The Trustwave 2012 Global Security Report features data correlations and analysis from numerous sources including the results of more than 300 incident response and forensic investigations and analysis of more than 2,000 manual penetration tests globally. The report also includes trends from 16 billion emails analyzed from 2008 to 2011, and data from more than one million network and application vulnerability scans. To view a complete list of sources, see the .
Trustwave is a leading provider of on-demand and subscription-based information security and payment card industry compliance management solutions to businesses and government entities throughout the world. For organizations faced with today's challenging data security and compliance environment, Trustwave provides a unique approach with comprehensive solutions that include its flagship TrustKeeper® compliance management software and other proprietary security solutions including , , and . Trustwave has helped hundreds of thousands of organizations -- ranging from Fortune 500 businesses and large financial institutions to small and medium-sized retailers-manage compliance and secure their network infrastructures, data communications and critical information assets. Trustwave is headquartered in Chicago with offices throughout North America, South America, Europe, Africa, Asia and Australia. For more information, visit .
:
Cas Purdy
Trustwave
312-470-8703
Themen in dieser Pressemitteilung:
Unternehmensinformation / Kurzprofil:
Datum: 07.02.2012 - 15:01 Uhr
Sprache: Deutsch
News-ID 111913
Anzahl Zeichen: 0
contact information:
Town:
CHICAGO, IL
Kategorie:
Internet
Diese Pressemitteilung wurde bisher 364 mal aufgerufen.
Die Pressemitteilung mit dem Titel:
"Trustwave Report Reveals Global Data Breach and Security Trends"
steht unter der journalistisch-redaktionellen Verantwortung von
Trustwave (Nachricht senden)
Beachten Sie bitte die weiteren Informationen zum Haftungsauschluß (gemäß TMG - TeleMedianGesetz) und dem Datenschutz (gemäß der DSGVO).
