The retail industry was most affected by data breaches last year, according to a global report released last week by managed security services firm Trustwave.
The 2018 Trustwave Global Security Report found that 16.7% of retail industries suffered data compromise, followed by finance and insurance at 13.1%, then hospitality at 11.9%.
Forty per cent of breaches targeted payment data, split between magnetic stripe data at 22% and card-not-present at 18%.
Surprisingly, incidents targeting hard cash are on the rise at 11%, mostly due to fraudulent ATM transaction breaches enabled by compromise of account management systems at financial institutions, said the report.
The report also found that there is a large disparity when breaches are detected internally versus externally. The median time between intrusion and detection for externally detected compromises was 83 days in 2017, a stark increase from 65 days in 2016. Median time between intrusion and detection for compromises discovered internally, however, dropped to zero days in 2017 from 16 days in 2016, meaning businesses discovered the majority of breaches the same day they happened.
The report is derived from the analysis of billions of real-world data across 21 countries, including logged security and compromise events worldwide, hundreds of hands-on data-breach investigations and internal research.
Some of the other key findings are as follows:
- North America as a region leads in data breaches - Although slightly down from the previous year, North America still leads in data breaches investigated by Trustwave at 43%, followed by the Asia Pacific region at 30%, Europe, Middle East and Africa (EMEA) at 23% and Latin America at 4%.
- Compromise and environment type matters - Half of the incidents investigated involved corporate and internal networks (up from 43% in 2016), followed by e-commerce environments at 30%. Incidents impacting point-of-sale (POS) systems decreased by more than a third to 20% of the total. This reflects increased attack sophistication and a shift towards targeting larger service providers and franchise head offices rather than the smaller high-volume targets of previous years.
- Social engineering tops methods of compromise - In corporate network environments, phishing and social engineering at 55% was the leading method of compromise, followed by malicious insiders at 13% and remote access at 9%. This indicates the human factor remains the greatest hurdle for corporate cybersecurity teams. “CEO fraud”, a social engineering scam encouraging executives to authorise fraudulent money transactions, continues to increase.
- All web applications found to be vulnerable - One hundred percent of web applications tested displayed at least one vulnerability, with 11 as the median number detected per application. 85.9% of web application vulnerabilities involved session management, allowing an attacker to eavesdrop on a user session to commandeer sensitive information.
- Web attacks becoming more targeted - Targeted web attacks are becoming prevalent and much more sophisticated. Many breach incidents show signs of careful preplanning by cybercriminals probing for weak packages and tools to exploit. Cross-site scripting (XSS) was involved in 40% of attack attempts, followed by SQL Injection (SQLi) at 24%, Path Traversal at 7%, Local File Inclusion (LFI) at 4%, and Distributed Denial of Service (DDoS) at 3%.
- Malware using persistence techniques - Although 30% of malware examined used obfuscation to avoid detection and bypass first-line defenses, 90% used persistence techniques to reload after reboot.
- Service providers are now in the crosshairs - Of great concern is a marked increase at 9.5% in compromises targeting businesses that provide IT services, including web-hosting providers, POS integrators and help-desk providers. A compromise of just one provider opens the gates to a multitude of new targets. In 2016, service provider compromises did not register in the statistics.
“Our 2017 threat intelligence and investigations along with a retrospective view of the last ten years has unequivocally exposed cybercriminals and their attacks are becoming more methodical and organized,” stated Mr Steve Kelley, chief marketing officer at Trustwave.
“As long as cybercrime remains profitable, we will continue to see threat actors quickly evolving and adapting methods to penetrate networks and steal data. Security is as much a ‘people’ issue as it is a technology issue. To stay on par with determined adversaries, organisations must have access to security experts who can think and operate like an attacker while making best use of the technologies deployed.”
The 2018 Trustwave Global Security Report can be found here.