Trustwave: Retail most compromised industry in 2014, with e-commerce assets most targeted
Chicago -- Retail was the most compromised industry in 2014, making up 43% of breach investigations, according to a study by Trustwave that gathered data from 574 breach investigations the company conducted in 2014 across 15 countries. Retail made up 43% of the investigations, followed by food and beverage, which made up 13% of the investigations.
The “2015 Trustwave Global Security Report” found that 64% of the breaches in the retail industry were of e-commerce assets and 27% were of POS assets.
In other findings payment card track data was the most targeted information sought by attackers in 2014 (making up 31% of all cases, up 12% over 2013). Attackers sought either financial credentials or proprietary information in 20% of the cases, down from 45% in 2013, as attackers shifted their focus back to payment card data.
The report confirms that longer passwords are better. “Password1” was still the most commonly used password, and 39% of passwords were eight characters long. The estimated time it took Trustwave security testers to crack an eight-character password was one day. The estimated time it takes to crack a 10-character password is 591 days.
Other highlights of the report include:
• The majority of victims, 81%, did not detect breaches themselves. The report reveals that self-detection leads to quicker containment of a breach. In 2014, for self-detected breaches, a median of 14.5 days elapsed from intrusion to containment. For breaches detected by an external party, a median of 154 days elapsed from intrusion to containment.
• Weak remote access security and weak passwords tied as the vulnerability most exploited by criminals in 2014.
• Half of the compromises Trustwave investigated occurred in the United States (a nine percentage point decrease from 2013).
• The Trustwave Global Security Report is designed to help businesses better understand their cyber enemies and the tactics they are using to launch attacks. Download it here at Trustwave.com/GSR.