Weak passwords are still a major problem for business security
According to data released by security company Trustwave, which has analyzed evidence from almost 700 security breaches that took place in 2013, retail is the most compromised industry, accounting for 35 percent of attacks investigated.
The food and drink industry ranks second at 18 percent, followed by hospitality at 11 percent. Perhaps not surprisingly, e-commerce is most at risk, making up 54 percent of assets targeted, whilst data centers account for only 10 percent. Point-of-sale breaches made up 33 percent of Trustwave’s investigations.
A little worrying is that the median time from an initial intrusion to its detection was 87 days. Also, over 70 percent of compromise victims didn’t detect the breach themselves.
The report also looks at the top 10 vulnerabilities found in network penetration testing. This reveals that weak passwords are still a major problem when it comes to security. During its penetration tests, Trustwave collected 626,718 stored passwords and managed to recover more than half of them in minutes. 92 percent of the sample could be cracked in 31 days.
Weak or default passwords contributed to a third of the investigated breaches. The three most common passwords in order are "Password1", "Hello123", and "password". Password length is mostly around eight characters -- probably because many systems use that as a minimum.
The report suggests that administrators need to "Educate users on the value of choosing longer pass-phrases instead of simple, predictable, easy-to-crack passwords". It also recommends deploying two-factor authentication.
More details of Trustwave's 2014 Global Security Report are available in interactive form on the company's website.