Skip to main content

Cybercrime Profit and Weak Data Protection Fuel Growth

Law enforcement officials often make the claim that "crime doesn't pay" and that criminals will always be punished, eventually. However, that's typically not the case for cyber criminals. Earlier this year Trustwave released the findings from a worldwide market study which revealed the top cybercrime, data breach and security threat trends from 2014.

The resulting report disclosed how much criminals can profit from malware attacks, which data they target, how they get inside, how long it takes for businesses to detect and contain data breaches, what types of businesses criminals are targeting and where the majority of victims are located.

Trustwave gathered data from the 574 breach investigations that the company's security experts conducted in 2014 across 15 countries, in addition to threat intelligence gleaned from their five global Security Operations Centers, security scanning and penetration testing results, telemetry from security technologies distributed across the globe and industry-leading security research.

"To defend against today's sophisticated criminals, businesses must see attacks from their front windshield instead of their rear view mirror," said Robert J. McCullen, CEO at Trustwave. More often than not, the underlying symptom at many companies is a fundamental IT security skills deficiency.

2015 Global Security Report Highlights

Return on investment (ROI): Attackers receive an estimated 1,425 percent return on investment for exploit kit and 'ransomware' schemes ($84,100 net revenue for each $5,900 investment).

Weak application security: 98 percent of applications tested in 2014 had at least one vulnerability. The maximum number of vulnerabilities found in a single application was 747. The median number of vulnerabilities per application increased 43 percent in 2014 from the previous year.

Password strength: "Password1" was still the most commonly used password. 39 percent of passwords were eight characters long. The estimated time it took security testers to crack an eight-character password was one day. The estimated time it takes to crack a ten-character password is 591 days.

Where victims reside: Half of the compromises the experts investigated occurred within the United States (a nine percentage point decrease from 2013).

Who criminals target: Retail was the most compromised industry, making up 43 percent of the investigations, followed by food and beverage (13 percent) and hospitality (12 percent).

Top assets compromised: 42 percent of investigations were of eCommerce breaches. Forty percent were of point-of-sale (POS) breaches. POS compromises increased seven percentage points from 2013 to 2014, making up 33 percent of Trustwave's investigations in 2013 and 40 percent in 2014. The eCommerce compromises decreased 13 percentage points from 2013 to 2014.

Data most targeted: In 31 percent of cases investigators found attackers targeted payment card track data (up 12 percentage points over 2013). Track data is the information on the back of a payment card that's needed for an in-person transaction. Twenty percent of the time attackers sought either financial credentials or proprietary information (compared to 45 percent in 2013), meaning attackers shifted their focus back to payment card data.

Lack of self-detection: 81 percent of victims didn't detect breaches themselves. The report reveals that self-detection leads to quicker containment of a breach. In 2014, for self-detected breaches, a median of 14.5 days elapsed from intrusion to containment. For breaches detected by an external party, a median of 154 days elapsed from intrusion to containment.

How criminals break in: Weak remote access security and weak passwords tied as the vulnerability most exploited by criminals in 2014. Weak remote access security or weak passwords contributed to 94 percent of POS breaches.

Popular posts from this blog

Open Banking Usage to Grow by 470 Percent

The Open Banking business model has been advantageous for Third-Party Providers (TPPs), helping them to extend their offerings into other areas of financial services with new capabilities. Open Banking is also advantageous for traditional banking institutions, despite the perceived loss of custodianship over their data, by providing greater accessibility to more bank services. Furthermore, Open Banking can help serve Mobile Internet providers that are able to leverage it to create tailored services according to customers’ preferences and/or economic limitations. Open Banking Market Development Since traditional banking services are made more convenient by TPPs via greater data access, customers can proactively manage their finances and shape the development of new financial offerings. This is particularly noticeable in the realm of Digital Payments, where retail merchants and customers transact through eCommerce, which has the greatest number of use cases for Open Banking. These includ

Digital Talent Demand Exceeds Supply in Asia-Pac

Even the savviest CEO's desire for a digital transformation advantage has to face the global market reality -- there simply isn't enough skilled and experienced talent available to meet demand. According to the latest market study by IDC, around 60-80 percent of Asia-Pacific (AP) organizations find it "difficult" or "extremely difficult" to fill many IT roles -- including cybersecurity, software development, and data insight professionals. Major consequences of the skills shortage are increased workload on remaining digital business and IT employees, increased security risks, and loss of "hard-to-replace" critical transformation knowledge. Digital Business Talent Market Development Although big tech companies' layoffs are making headlines, they are not representative of the overall global marketplace. Ongoing difficulty to fill key practitioner vacancies is still among the top issues faced by leaders across industries. "Skills are difficul

Mobile Device Market Still Awaiting Recovery

The mobile devices market has experienced three years of unpredictable demand. The global pandemic, geopolitical pressures, supply chain issues, and macroeconomic headwinds have hindered the sector's consistent growth potential. This extremely challenging environment has dramatically affected both demand and supply chains. It has led to subsequent inflationary pressures, leading to a worsening global cost of living crisis suppressing growth and confidence in the sector. In tandem, mobile device industry stakeholders have become more cautious triggering market uncertainties. Mobile Device Market Development Operating under such a backdrop, the development of mobile device ecosystems and vendor landscapes have been impacted severely. Many of these market pressures persisted throughout 2022 and now into 2023, borne chiefly by the smartphone market. According to the latest worldwide market study by ABI Research, worldwide smartphone shipments in 2022 declined 9.6 percent Year-over-Year