E-commerce and point-of-sales among biggest targets for data breaches

Sensitive, confidential data was hackers’ top target in 2013, alongside credit card and debit card credentials – and two of the worst hot spots were in e-commerce and point-of-sales (POS) terminals, according to a new report.

Trustwave Holdings Inc. released its annual global security report today, highlighting what they found to be some of the security landscape’s biggest threats. Among the top findings were that data breaches had mushroomed, as the security solutions provider’s researchers did 691 data breach investigations in 2013, a 54 per cent increase over the 450 performed in 2012.

The report looked at breaches in 24 different countries, including Canada and the U.S., and researchers expect to continue to investigating data breaches for e-commerce and POS systems this year and perhaps even further into the future.

Out of those data breach investigations, 33 per cent of them were based around POS terminals, while e-commerce represented 54 per cent of the assets that hackers went after. From there, retail represented 35 per cent of the investigations performed, making it the most targeted industry, followed by food and beverage at 18 per cent, and hospitality at 11 per cent.

It makes sense that hackers would go after these verticals – after all, when a hacker breaches one location of a franchise, he or she can often gain access to others.

“By breaching a single location, attackers take advantage of the multi-protocol label switching network used by many franchisors to connect individual locations with the corporate headquarters,” researchers wrote. “The intruder can then advance quickly throughout the environment and other connected, remote locations or the headquarters.”

The same underlying principle works for attacking corporate headquarters, as well as third-party POS integration firms, which often serve most or all locations within a franchise, they added.

In terms of how hackers actually launched their attacks, most often they were using Java applets to install malware on their victims’ systems. They also used third-party plug-ins like Java, Adobe Flash, Acrobat and Reader about 85 per cent of the time. At other times, they used spam carrying malicious attachments.

And while some of those were carefully planned campaigns, about 31 per cent of the investigations showed weak passwords were the culprits for data breaches. And tellingly, about 71 per cent of victims didn’t know they had been breached, with a median timeline of about 87 days elapsing between when a hacker first entered a system, to when he or she was finally detected.

For businesses looking to protect themselves, Trustwave’s researchers recommend educating employees and users on security passwords like making strong passwords and avoiding phishing schemes. They added businesses also need to secure their data across endpoints, networks, applications, and databases.

For the full report, head on over here.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Candice So
Candice Sohttp://www.itbusiness.ca
Candice is a graduate of Carleton University and has worked in several newsrooms as a freelance reporter and intern, including the Edmonton Journal, the Ottawa Citizen, the Globe and Mail, and the Windsor Star. Candice is a dog lover and a coffee drinker.

Featured Story

How the CTO can Maintain Cloud Momentum Across the Enterprise

Embracing cloud is easy for some individuals. But embedding widespread cloud adoption at the enterprise level is...

Related Tech News

Get ITBusiness Delivered

Our experienced team of journalists brings you engaging content targeted to IT professionals and line-of-business executives delivered directly to your inbox.

Featured Tech Jobs