Retail sector leads in data breaches as criminals target corporate networks
The retail sector suffered the most breaches in 2017, accounting for 16.7 percent followed by the finance and insurance industry at 13.1 percent and hospitality at 11.9 percent.
Geographically, North America is in the lead with 43 percent of breaches, followed by the Asia Pacific region at 30 percent, Europe, Middle East and Africa (EMEA) at 23 percent and Latin America at four percent.
These are among the findings of the latest Trustwave Global Security Report. Among other highlights are that half of the incidents investigated involved corporate and internal networks (up from 43 percent in 2016) followed by eCommerce environments at 30 percent. Incidents impacting point-of-sale (POS) systems decreased by more than a third to make up 20 percent of the total.
Social engineering remains the most common means of compromise at 55 percent, followed by malicious insiders at 13 percent and remote access at nine percent. These figures show that human action is still often the key to cyber security.
Web applications are at risk too, with 100 percent of those tested found to have at least one vulnerability. Over 85 percent of these involved session management allowing an attacker to eavesdrop on a user’s activity.
"Our 2017 threat intelligence and investigations along with a retrospective view of the last ten years has unequivocally exposed cyber criminals and their attacks are becoming more methodical and organized," says Steve Kelley, chief marketing officer at Trustwave. "As long as cyber crime remains profitable, we will continue to see threat actors quickly evolving and adapting methods to penetrate networks and steal data. Security is as much a 'people' issue as it is a technology issue. To stay on par with determined adversaries, organizations must have access to security experts who can think and operate like an attacker while making best use of the technologies deployed."
The report also includes a 10 year overview of cyber security trends. This shows that while vulnerabilities and exploit kits are on the rise, spam is declining, now accounting for just 40 percent of mail traffic. A small number of criminal gangs using botnets now control most spam.
There's much more detail on offer in the full report which you can get from the Trustwave website.