Are you in charge of your company’s Internet security? Do you manage the people who are? Then you should read the 2014 Trustwave Global Security Report. Don’t be put off by its size (nearly 100 pages). The report is formatted like a giant infographic, so it’s easy to grasp the facts it presents. In fact, even if you have nothing to do with managing website security, you may want to give it a read. Here are some of the high points.
How’d They Get In?
The data for this report comes from almost 700 Trustwave breach investigations in 2013, along with data from their operations centers, security telemetry, and research. 85 percent of the breaches made use of vulnerabilities in third-party tools, among them Java, Flash, and Adobe Reader. 85 percent! It’s not enough to put Windows Update in automatic mode—that just keeps Windows up to date. You have to keep all your apps patched.
The researchers found that weak passwords were a factor in 31 percent of the breaches under investigation. It’s bad enough when you use a password like “monkey” or “12345” for your Club Penguin account. When you protect your business resources with a weak password or leave the default password in place, you’re asking to get hacked.
Who’s Getting Hit?
If you have the feeling that data breaches are getting more and more common, you’re right. Total volume increased 54 percent over Trustwave’s previous report. Payment card data is naturally the most popular form of cyber-loot, since crooks can monetize that data instantly. But the report notes a 33 percent increase in non-card data, including internal communications and customer records.
Point-of-sale breaches, like last year’s Target fiasco, accounted for 33 percent of the total. As for where the breaches occurred, the U.S. is number one both in victim organizations and in perpetrator location.
Introspection Is Critical
In fully 71 percent of the breaches investigated by Trustwave, the victim organization did not discover the breach. A bank, a partner, a regulatory agency, or some other third party made the initial report. On average, attackers had almost three months free rein before discovery of the breach. Also on average, companies managed to contain the problem within a week after detection.
Things look better for organizations whose own policies and practices revealed the breach. Better, but still not great. This group still averaged a month between infection and detection. On the other hand, their remediation stats are great, with an average of just one day to contain a detected breach.
Do It Right
Clearly, every organization needs policies in place that will ensure a breach doesn’t go undetected, and that will offer a clear path to containment. However, a badly-designed policy can be worse than no policy at all, especially in a franchise-type organization.
In some cases, an attack on one franchise will easily spread to the organization’s headquarters. Of course, a breach at HQ could likewise spread to any or all of the franchises. It’s also possible that a third-party service used by all the franchises could corrupt the whole system.
A Wealth of Data
You’ll find an absolute wealth of data in this report. It lists indicators of a data breach, along with the correct response to each. It explains just how a malware campaign runs and makes money. There’s a run-down of exactly which exploits Trustwave encountered (Java is very, very popular with the crooks).
The report lists a collection of popular server-side software, and the percentage of installations that are running a vulnerable unsupported version (percentages range from two to 70). I could go on and on. Really, though, you’d be well advised to read the full report. If you’re actively involved in your company’s website security, it’s an absolute must.