Skip to main content

Cybercrime Profit and Weak Data Protection Fuel Growth

Law enforcement officials often make the claim that "crime doesn't pay" and that criminals will always be punished, eventually. However, that's typically not the case for cyber criminals. Earlier this year Trustwave released the findings from a worldwide market study which revealed the top cybercrime, data breach and security threat trends from 2014.

The resulting report disclosed how much criminals can profit from malware attacks, which data they target, how they get inside, how long it takes for businesses to detect and contain data breaches, what types of businesses criminals are targeting and where the majority of victims are located.

Trustwave gathered data from the 574 breach investigations that the company's security experts conducted in 2014 across 15 countries, in addition to threat intelligence gleaned from their five global Security Operations Centers, security scanning and penetration testing results, telemetry from security technologies distributed across the globe and industry-leading security research.

"To defend against today's sophisticated criminals, businesses must see attacks from their front windshield instead of their rear view mirror," said Robert J. McCullen, CEO at Trustwave. More often than not, the underlying symptom at many companies is a fundamental IT security skills deficiency.

2015 Global Security Report Highlights

Return on investment (ROI): Attackers receive an estimated 1,425 percent return on investment for exploit kit and 'ransomware' schemes ($84,100 net revenue for each $5,900 investment).

Weak application security: 98 percent of applications tested in 2014 had at least one vulnerability. The maximum number of vulnerabilities found in a single application was 747. The median number of vulnerabilities per application increased 43 percent in 2014 from the previous year.

Password strength: "Password1" was still the most commonly used password. 39 percent of passwords were eight characters long. The estimated time it took security testers to crack an eight-character password was one day. The estimated time it takes to crack a ten-character password is 591 days.

Where victims reside: Half of the compromises the experts investigated occurred within the United States (a nine percentage point decrease from 2013).

Who criminals target: Retail was the most compromised industry, making up 43 percent of the investigations, followed by food and beverage (13 percent) and hospitality (12 percent).

Top assets compromised: 42 percent of investigations were of eCommerce breaches. Forty percent were of point-of-sale (POS) breaches. POS compromises increased seven percentage points from 2013 to 2014, making up 33 percent of Trustwave's investigations in 2013 and 40 percent in 2014. The eCommerce compromises decreased 13 percentage points from 2013 to 2014.

Data most targeted: In 31 percent of cases investigators found attackers targeted payment card track data (up 12 percentage points over 2013). Track data is the information on the back of a payment card that's needed for an in-person transaction. Twenty percent of the time attackers sought either financial credentials or proprietary information (compared to 45 percent in 2013), meaning attackers shifted their focus back to payment card data.

Lack of self-detection: 81 percent of victims didn't detect breaches themselves. The report reveals that self-detection leads to quicker containment of a breach. In 2014, for self-detected breaches, a median of 14.5 days elapsed from intrusion to containment. For breaches detected by an external party, a median of 154 days elapsed from intrusion to containment.

How criminals break in: Weak remote access security and weak passwords tied as the vulnerability most exploited by criminals in 2014. Weak remote access security or weak passwords contributed to 94 percent of POS breaches.

Popular posts from this blog

Hybrid Work: How to Enhance Employee Productivity

When you hire qualified talent for a key role and trust them to perform, you'll likely achieve the best outcome. Skilled and experienced people will deliver results, regardless of the challenges. That's a key lesson learned from the pandemic experience as most knowledge workers were asked to work from their homes. However, some resist returning to an open-plan office. It's unacceptable. Meanwhile, forward-thinking leaders decided a "return to normal" is undesirable, and in hindsight, everyone should aspire to be more accomodating than before. Therefore, location flexibility is okay. Hybrid Workforce Market Development How will people adapt to these changes? They'll apply the modern IT tools at their disposal. They'll learn new skills and thrive. Nearly 80 percent of employees are now successfully using online collaboration tools for work in 2021 -- that's up from just over half of workers in 2019, according to the latest market study by Gartner. This g

Mobility-as-a-Service Creates Disruptive Travel Options

Building on significant advances in big data, analytics, and the Internet of Things (IoT), more innovative transit service offerings aim to increase public transport ridership and reduce emissions or congestion within metropolitan areas. By providing these services through smartphone apps, the transit services also significantly increase user convenience, providing information on different human mobility offerings -- including public transport, ridesharing, and autonomous vehicles. Mobility-as-a-Service Market Development According to the latest market study by Juniper Research, Mobility-as-a-Service (MaaS) subscribers will generate $53 billion in revenue for MaaS platform providers by 2027 -- that's rising from $5.3 billion in 2021. Let's start with a basic definition. MaaS is the provision of multi-modal end-to-end travel services through single platforms, by which users can determine an optimal route and price. The study identified a monthly subscription model as key to incr

Upside for New 5G Network Transport Infrastructure

The global mobile communication sector is in the midst of a significant network infrastructure upgrade to support the introduction of new high-bandwidth and low-latency broadband service offerings.  Telecom service provider data centers have an important role in fifth-generation (5G) network deployments. Providers undergoing their transition to Stand-Alone (SA) 5G must understand the technical demands of telco data centers and the key enablers of those offerings. According to the latest worldwide market study by ABI Research, the major prerequisites of 5G and the emerging transport solutions would help operators position themselves to successfully capitalize on the new revenue opportunities from delivering differentiated 5G connectivity services. 5G Transport Network Market Development "The rise of the telco data center has a high degree of confluence with the requirements of SA 5G architectures. SA 5G and its increasing reliance on telco data centers can be attributed to the incr