It took businesses an average of over 100 days to learn about security breaches in 2014 and 81 percent of affected businesses do not detect breaches on their own, according to Trustwave’s latest Global Security Report, based on 574 breaches handled by the firm last year.
“Compromises are nothing new, of course, but 2014 just felt different. Yet despite these occurrences, were cybercriminals actually busier? Or were more breaches just detected and/or disclosed? Maybe it doesn’t matter. Perhaps what does is the fact that general awareness of data security issues is evoking increased scrutiny and pressure from the public, business leaders and executive boards,” noted Trustwave.
Unsurprisingly, breaches at retailers led all industries, with 58 percent of all events investigated, an increase over 2013 by 8 percent. Cyber attacks against the food and beverage industry and the hospitality industry increased as well. Trustwave cited attacks on online booking service providers – third parties that arrange hotel, airline, and rental car reservations – as a growing area of concern.
“While we didn’t observe an overwhelming amount of online booking service provider breaches this year, these incidents are worth noting because each is an example of more sophisticated, targeted attacks against complex environments rather than merely the result of scanning for known vulnerabilities,” said Trustwave.
In 2014, 50 percent of the 574 compromises occurred in the United States, and point-of-sale transactions were the most frequent target for cybercriminals. Those two facts may be linked, according to Trustwave.
“We suspect that the United States’ lagging adoption of the EMV standard (commonly referred to as ‘chip-and-PIN’ by banking groups in the United Kingdom and Ireland) contributes to many of POS environment compromises,” the firm said. They added, “95 percent of food-and-beverage industry compromises and 65 percent of hospitality industry compromises were of point-of-sale (POS) systems. Weak remote access security contributed to 44 percent of POS system compromises.”
Weak passwords also remained a top problem, according to Trustwave, as systems users continue to select “Password1” as the most common password.