Sensitive, confidential data was hackers’ top target in 2013, alongside credit card and debit card credentials – and two of the worst hot spots were e-commerce and point-of-sale (POS) terminals, according to a new report.
Trustwave Holdings Inc. released its annual global security report today, highlighting what they found to be some of the security landscape’s biggest threats. Among the top findings were that data breaches had mushroomed, as the security solutions provider’s researchers did 691 data breach investigations in 2013, a 54 per cent increase over the 450 performed in 2012.
The report looked at breaches in 24 different countries, including Canada and the U.S., and researchers expect to continue investigating data breaches for e-commerce and POS systems this year and perhaps even further into the future.
Out of those data breach investigations, 33 per cent of them were based around POS terminals, while e-commerce represented 54 per cent of the assets that hackers went after. From there, retail represented 35 per cent of the investigations performed, making it the most targeted industry, followed by food and beverage at 18 per cent, and hospitality at 11 per cent.
It makes sense that hackers would go after these verticals – after all, when a hacker breaches one location of a franchise, he or she can often gain access to others.
“By breaching a single location, attackers take advantage of the multi-protocol label switching network used by many franchisors to connect individual locations with the corporate headquarters,” researchers wrote. “The intruder can then advance quickly throughout the environment and other connected, remote locations or the headquarters.”
The same underlying principle works for attacking corporate headquarters, as well as third-party POS integration firms, which often serve most or all locations within a franchise, they added.
In terms of how hackers actually launched their attacks, most often they were using Java applets to install malware on their victims’ systems. They also used third-party plug-ins like Java, Adobe Flash, Acrobat and Reader about 85 per cent of the time. At other times, they used spam carrying malicious attachments.
And while some of those were carefully planned campaigns, about 31 per cent of the investigations showed weak passwords were the culprits for data breaches. Tellingly, about 71 per cent of victims didn’t know they had been breached, with a median of about 87 days elapsing between when a hacker first entered a system and when he or she was finally detected.
For businesses looking to protect themselves, Trustwave’s researchers recommend educating employees and users on security practices like creating strong passwords and avoiding phishing schemes. They added that businesses also need to secure their data across endpoints, networks, applications, and databases.
For the full report, head on over here.