Skip to main content

Cybercrime Profit and Weak Data Protection Fuel Growth

Law enforcement officials often make the claim that "crime doesn't pay" and that criminals will always be punished, eventually. However, that's typically not the case for cyber criminals. Earlier this year Trustwave released the findings from a worldwide market study which revealed the top cybercrime, data breach and security threat trends from 2014.

The resulting report disclosed how much criminals can profit from malware attacks, which data they target, how they get inside, how long it takes for businesses to detect and contain data breaches, what types of businesses criminals are targeting and where the majority of victims are located.

Trustwave gathered data from the 574 breach investigations that the company's security experts conducted in 2014 across 15 countries, in addition to threat intelligence gleaned from their five global Security Operations Centers, security scanning and penetration testing results, telemetry from security technologies distributed across the globe and industry-leading security research.

"To defend against today's sophisticated criminals, businesses must see attacks from their front windshield instead of their rear view mirror," said Robert J. McCullen, CEO at Trustwave. More often than not, the underlying symptom at many companies is a fundamental IT security skills deficiency.

2015 Global Security Report Highlights

Return on investment (ROI): Attackers receive an estimated 1,425 percent return on investment for exploit kit and 'ransomware' schemes ($84,100 net revenue for each $5,900 investment).

Weak application security: 98 percent of applications tested in 2014 had at least one vulnerability. The maximum number of vulnerabilities found in a single application was 747. The median number of vulnerabilities per application increased 43 percent in 2014 from the previous year.

Password strength: "Password1" was still the most commonly used password. 39 percent of passwords were eight characters long. The estimated time it took security testers to crack an eight-character password was one day. The estimated time it takes to crack a ten-character password is 591 days.

Where victims reside: Half of the compromises the experts investigated occurred within the United States (a nine percentage point decrease from 2013).

Who criminals target: Retail was the most compromised industry, making up 43 percent of the investigations, followed by food and beverage (13 percent) and hospitality (12 percent).

Top assets compromised: 42 percent of investigations were of eCommerce breaches. Forty percent were of point-of-sale (POS) breaches. POS compromises increased seven percentage points from 2013 to 2014, making up 33 percent of Trustwave's investigations in 2013 and 40 percent in 2014. The eCommerce compromises decreased 13 percentage points from 2013 to 2014.

Data most targeted: In 31 percent of cases investigators found attackers targeted payment card track data (up 12 percentage points over 2013). Track data is the information on the back of a payment card that's needed for an in-person transaction. Twenty percent of the time attackers sought either financial credentials or proprietary information (compared to 45 percent in 2013), meaning attackers shifted their focus back to payment card data.

Lack of self-detection: 81 percent of victims didn't detect breaches themselves. The report reveals that self-detection leads to quicker containment of a breach. In 2014, for self-detected breaches, a median of 14.5 days elapsed from intrusion to containment. For breaches detected by an external party, a median of 154 days elapsed from intrusion to containment.

How criminals break in: Weak remote access security and weak passwords tied as the vulnerability most exploited by criminals in 2014. Weak remote access security or weak passwords contributed to 94 percent of POS breaches.

Popular posts from this blog

How Data and Analytics Drive Business Growth

Senior executives in the world’s largest and most complex organizations will develop the insights required to achieve lasting Digital Transformation. Gartner has identified a model for digital business growth that binds together data, analytics, technology, and forward-looking transformation capabilities. The Gartner Research Board said that data and analytics (D&A) leaders are uniquely positioned to drive this strategic organizational change that will make their companies behave like 'digital native' leaders.  "The most advanced and successful D&A leaders are driving new opportunities to use digital capabilities – often data and analytics products – to capture value. Those opportunities should directly connect to the business priorities," said Mario Faria, vice president at Gartner . Digital Business Market Development At the same time, some leaders are using digital and D&A to create whole new business models. These leaders – which Gartner named the CxO

Anywhere, Anytime Workplace Demand for SASE

The ongoing adoption of flexible working models within the enterprise market has significant implications for typical IT organizations that must now support knowledge workers and front-line employees that operate outside the corporate network perimeter. The global COVID-19 pandemic created IT networking and security challenges. The expansion of the distributed workforce, an increasing reliance on cloud computing infrastructure, and the requirement to securely connect online employees -- wherever they choose to work, at any given moment in time. Legacy IT solutions that have rigid network underlays and a requirement for on-premises infrastructure cannot adequately deal with these trends. This 'Anywhere, Anytime Workplace' led to demand for new Secure Access Service Edge (SASE) solutions, with networking and security delivered as-a-service. Anywhere, Anytime Workplace Market Development   Although converging networking and security capabilities offer enterprises a promising solut

The Metaverse Raised Virtual Reality Interest

After years of slow growth and limited use cases, the Virtual Reality (VR) market is now forecast to grow significantly over the next five years. Consumer interest in VR games and media continues to grow after the COVID-19 pandemic accelerated activity. At the same time, the need for employee enablement and immersive content within the enterprise environment remains strong. According to the latest market study by ABI Research, over 90 million Head Mounted Display (HMD) shipments in 2027 will drive total VR market revenues to reach over $95 billion across hardware, software, and services. Virtual Reality Market Development "The virtual reality market is no stranger to false starts, with identifiable efforts in VR dating back to the 1980s and 1990s. While the technology never found purchase results, the increased capability of VR hardware combined with the demand for immersive content in numerous markets, presents a significant opportunity," says Eric Abbruzzese, research direc