The Trustwave Blog empowers information security professionals to achieve new heights through expert insight that addresses hot topics, trends and challenges and defines best practices. The Trustwave Global Security Report is now available. The greport reveals eye-opening findings about global data breaches and security trends. Throughout , Trustwave compiled data from global data breach investigations, more than 2, penetration tests, more than nine million Web application attacks, more than two million network and vulnerability scans, more than five million malicious websites, more than 20 billion emails as well as extensive research and analysis of zero-day security threats. Sign up to download the Trustwave Global Security Report. This is a bot-free zone.
|Published (Last):||20 November 2016|
|PDF File Size:||8.81 Mb|
|ePub File Size:||17.57 Mb|
|Price:||Free* [*Free Regsitration Required]|
Trustwave News Releases document our latest announcements, including corporate news, product and service launches and industry accolades. The report includes the type of information most targeted, industries most compromised, how criminals typically got inside, when victims identified an attack, notable malware trends and other critical components of breaches that matter to businesses.
It also reveals how cybercrime is impacting different regions of the world and offers recommendations for businesses to help them fight cybercrime, protect their data and reduce security risks. Trustwave experts gathered the data from breach investigations a 54 percent increase from across 24 countries in addition to proprietary threat intelligence gleaned from the company's five global Security Operations Centers, telemetry from security technologies and ongoing threat research.
All of the data was collected and analyzed by Trustwave experts. If businesses are not fully equipped with all of these components, they are only increasing their chances of being the next data breach victim," said Robert J.
However, the more information businesses can arm themselves with regarding who are their potential attackers, what those criminals are after and how their team will identify, react and remediate a breach if it does occur, is key to protecting their data, users and overall business. The Trustwave Global Security Report recommends businesses implement the following action plan:. Download a complimentary copy of the full Trustwave Global Security Report here.
Trustwave helps businesses fight cybercrime, protect data and reduce security risks. With cloud and managed security services, integrated technologies and a team of security experts, ethical hackers and researchers, Trustwave enables businesses to transform the way they manage their information security and compliance programs while safely embracing business imperatives including big data, BYOD and social media.
Trustwave is a privately held company, headquartered in Chicago, with customers in 96 countries. For more information about Trustwave, visit www. Follow Trustwave on Twitter at www. All trademarks used herein remain the property of their respective owners.
Their use does not indicate or imply a relationship between Trustwave and the owners of such trademarks. This is a bot-free zone. Please check the box to let us know you're human. Download Now. Read complimentary reports and insightful stories in the Trustwave Resource Center. Newsroom News Releases.
Data and Systems Targeted While payment card data continued to top the list of the types of data compromised, the report notes that 45 percent of data thefts in involved confidential, non-payment card data-a 33 percent increase from Non-payment card data includes other sensitive and confidential information such as financial credentials, internal communications, personally identifiable information and various types of customer records.
E-commerce breaches were the most rampant making up 54 percent of assets targeted. Point-of-sale POS breaches accounted for 33 percent of our investigations and data centers made up 10 percent.
Trustwave experts expect POS and e-commerce compromises to dominate into and beyond. Victims of Compromise When ranking the top ten victim locations, the report reveals the United States overwhelmingly house the most victims at 59 percent, which was more than four times as many as the next closest victim location, the United Kingdom, at 14 percent.
Australia was ranked third, at 11 percent followed by Hong Kong and India, both at two percent. Similar to , retail once again was the top industry compromised making up 35 percent of the breaches Trustwave investigated in Food and beverage ranked second at 18 percent and hospitality ranked third at 11 percent.
Intrusion Methods Malware Everywhere Criminals continued to use malware as one of the top methods for getting inside and extracting data. The top three malware-hosting countries in were the United States 42 percent , Russia 13 percent and Germany 9 percent.
Criminals relied most on Java applets as a malware delivery method percent of exploits Trustwave detected took advantage of Java vulnerabilities. Eighty-five percent of the exploits detected in were of third party plug-ins, including Java, Adobe Flash and Acrobat Reader. Overall spam made up 70 percent of inbound mail, however malicious spam dropped five percent in Fifty-nine percent of malicious spam included malicious attachments and 41 percent included malicious links.
User Accidents Unbeknownst to them, employees and individual users often open the door to criminals by using easily-guessable passwords.
Trustwave experts found weak passwords led to an initial intrusion in 31 percent of compromises. In December , security researchers at Trustwave discovered a Pony botnet instance that compromised approximately two million accounts for popular websites.
When analyzing those compromised credentials, Trustwave found that "" topped the list of the most commonly used password followed by "," "" and then "password. Application Vulnerabilities 96 percent of applications scanned by Trustwave in harbored one or more serious security vulnerabilities. The finding demonstrates the need for more application security testing during the development, production and active phases.
Detecting a Compromise Trustwave experts found that self-detection continued to be low with 71 percent of compromised victims not detecting breaches themselves. However, the data also demonstrates how critical self-detection is improving the timeline to containment and therefore limiting the overall damage. For example, the median number of days it took organizations that self-detected a breach to contain the breach was one day whereas it took organizations 14 days to contain the breach when it was detected by a third party.
The report also reveals the median number of days from initial intrusion to detection was 87 and the median number of days from detection to containment was seven. Upon discovery of a breach, 67 percent of victims were able to contain it within 10 days. From to , there was a decrease in the amount of time an organization took to contain a breach.
In half of the compromises investigated by Trustwave, the victim contained the breach within four months of the initial intrusion. Invest in gateway security technologies as a fallback to automate protection from threats such as zero-day vulnerabilities, targeted malware and malicious email. Thirty percent of the time, an attacker gains access because of a weak password.
Strong passwords-consisting of a minimum of seven characters and a combination of upper and lower case letters, symbols and numbers-play a vital role in helping prevent a breach. Even better are passphrases that include eight to 10 words that make up a sentence that only the user knows. Businesses should also deploy two-factor authentication for employees who access the network.
This forces users to verify their identity with information other than simply their username and password, like a unique code sent to a user's mobile phone. Assess your entire set of assets-from endpoint to network to application to database.
Any vulnerability in any asset could lead to the exposure of data. Combine ongoing testing and scanning of these assets to identify and fix flaws before an attacker can take advantage of them. Pitting a security expert against your network hosts, applications and databases applies a real-world attacker's perspective to your systems a threat model. A penetration test transcends merely identifying vulnerabilities by demonstrating how an attacker can take advantage of them and expose data.
Identify what sorts of events or indicators of compromise will trigger your incident response plan. A plan will help make your organization aware of a compromise sooner, limit its repercussions and shorten its duration. About Trustwave Trustwave helps businesses fight cybercrime, protect data and reduce security risks. Thank You One of our sales specialists will be in touch shortly.
2013 Trustwave Global Security Report: Threat Trends Webinar
Log in. Hi [[ session. Listen Up. Lock Down. Then sign up for this expert webcast covering the highlights of the Trustwave Global Security Report. Recorded Mar 19 55 mins. Your place is confirmed, we'll send you email reminders Add to calendar Outlook iCal Google.
Browse our IT and security resources to find information on topics around managed security, security news, and more. We're pleased to share the results of our Trustwave Global Security Report with you. In this report, we've analyzed the results of hundreds of incident response investigations, thousands of penetration tests, millions of website and Web application attacks and tens of billions of events. We've also included detailed contributions from law enforcement agencies and experts from around the world. All in an effort to provide you with perspectives on the latest threats and vulnerabilities facing organizations just like yours, along with actionable recommendations you can begin implementing immediately to strengthen your security program.