Trustwave Report Reveals Global Data Breach and Security Trends

Trustwave SpiderLabs uncovers new attack targets, warns that franchises and chain stores most at risk

CHICAGO - February 7, 2012 - Trustwave, a leading provider of information security and compliance solutions, today published the Trustwave 2012 Global Security Report, a reflection and analysis of investigations, research and client engagements conducted in 2011. The report's findings are based on more than 300 data breach investigations and 2,000 penetration tests performed worldwide last year by SpiderLabs, the advanced security team within Trustwave focused on forensics, ethical hacking and application security testing.

For the second year in a row, the report shows the food and beverage industry is the top target for cybercriminals. Additionally, more than a third of Trustwave SpiderLabs 2011 investigations occurred in a franchise business, and Trustwave researchers expect industries with franchise models will be most at risk in 2012. The report also unveils surprising findings about the most common password used by global businesses and the riskiest time of day to open an email attachment.

"We believe the Trustwave Global Security Report is the most comprehensive report on cybercrime and data breach trends, new and evolving threats, and recommendations of best security practices for organizations," said Nicholas J. Percoco, senior vice president and head of Trustwave SpiderLabs. "In 2011, we performed 42 percent more data breach investigations and assembled a thorough study on business password practices. The information we have gathered highlights security trends and risks that businesses should address in 2012."

Key Report Findings

• What do cybercriminals want?: Customer records remain a valuable target for attackers, making up 89 percent of breached data investigated. While trade secrets or intellectual property followed at a distant six percent, highly targeted attacks designed to go after that type of data remain a growing concern, as their success rate is extremely high.
• Data breach investigations are on the rise:  Trustwave performed 42 percent more investigations in 2011 than in the previous year - conducting more than 300 data breach investigations in 18 countries worldwide. The increase in investigations can be attributed to an increase in targeted, sophisticated attacks resulting in breaches, as well as more investigations in the Asia-Pacific region.
• The food and beverage industry remains the top target: For the second year, the food and beverage industry made up the highest percentage of investigations in 2011 at nearly 44 percent.
• Franchises and chain stores beware: Trustwave found that industries with franchise and chain store models are the top targets primarily because franchises often use the same IT systems across stores. If a cybercriminal can compromise a system in one location, they likely can duplicate the attack in multiple locations. More than a third of 2011 investigations occurred in a franchise business and this number is expected to rise in 2012.
• Global businesses have a password problem: Despite headlines regarding data breaches due to poor password practices, global businesses still allow employees and system administrators to use weak passwords. Analyzing the usage and weakness trends of more than 2 million business passwords, Trustwave found that the most common password used by global businesses is "Password1" as it satisfies the default Microsoft Active Directory complexity setting.
• Careful when you open that attachment: 8:00 a.m. and 9:00 a.m. (Eastern Time, U.S.) is the most likely time for email sent with a malicious attachment.
• Self-detection of attacks and breaches is dismal:  Self-detection of compromises decreased in 2011 and only 16 percent of victimized organizations were able to detect the breach themselves. The remaining 84 percent relied on information reported to them by an external entity: regulatory, law enforcement or public. In those cases, in which an external entity was necessary for detection, analysis found that attackers had an average of 173.5 days within the victim's environment before detection occurred.
• Law enforcement steps up its cybersecurity game:  The good news for organizations is that the effectiveness of law enforcement to detect breaches increased almost five-fold in 2011. Thirty-three percent of organizations that reported a breach were notified by law enforcement, compared to just seven percent the previous year. This increase can be attributed to work performed by groups such as the United States Secret Service, Interpol, Australian Federal Police and UK's Serious Organised Crime Agency.

Top Strategic Security Recommendations for 2012

To improve security posture, Trustwave recommends six focus areas for organizations in 2012:

• Education of Employees - The best intrusion detection systems are neither security experts nor expensive technology, but employees. Security awareness education for employees is the first line of defense.
• Identification of Users - Focus on achieving a state where every user-initiated action in your environment is identifiable and tagged to a specific person.
• Homogenization of Hardware and Software - Fragmentation of enterprises' computing platforms is an enemy to security. Reducing fragmentation through standardization of hardware and software, and decommissioning old systems, will create a more homogenous environment that is easier to manage, maintain and secure.
• Registration of Assets -A complete inventory or registry of valid assets can provide the insight needed to identify malware or a malicious attack.
• Unification of Activity Logs - Combining the physical world with the digital affords organizations with new ways to combine activities and logs to identify security events more quickly. 
• Visualization of Events - Log reviews alone are no longer sufficient. Visualizing methods to identify security events within the organization better narrows security gaps.

"Any organization can be a target, but as detailed in our report findings, those most susceptible are businesses that maintain customer records or that consumers frequent most, including restaurants, retail stores and hotels," added Percoco. "We advise organizations review our strategic recommendations for 2012 and take steps toward employing better security across their organizations."

Download a complimentary copy of the Trustwave 2012 Global Security Report here. 

Report Methodology
 The Trustwave 2012 Global Security Report features data correlations and analysis from numerous sources including the results of more than 300 incident response and forensic investigations and analysis of more than 2,000 manual penetration tests globally. The report also includes trends from 16 billion emails analyzed from 2008 to 2011, and data from more than one million network and application vulnerability scans. To view a complete list of sources, see the full report.

About Trustwave
Trustwave is a leading provider of compliance, Web, application, network and data security solutions delivered through the cloud, managed security services, software and appliances. For organizations faced with today's challenging data security and compliance environment, Trustwave provides a unique approach with comprehensive solutions that include its TrustKeeper® portal and other proprietary security solutions. With more than two million businesses enrolled in TrustKeeper, Trustwave has helped organizations, ranging from Fortune 500 businesses and large financial institutions to small and medium-sized businesses, manage compliance and secure their network infrastructures, data communications and critical information assets. Trustwave is headquartered in Chicago with offices worldwide. For more information, visit Trustwave.