Trustwave SpiderLabs Uncovers Ov3r_Stealer Malware Spread via Phishing and Facebook Advertising. Learn More

Trustwave SpiderLabs Uncovers Ov3r_Stealer Malware Spread via Phishing and Facebook Advertising. Learn More

Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

Database Security

Prevent unauthorized access and exceed compliance requirements.

Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Microsoft Exchange Server Attacks
Stay protected against emerging threats
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats
News Releases

Trustwave Releases 2010 Global Security Report: Finds Basic Security Threats Overlooked and Third Party Vendor Issues

Finds Basic Security Threats Overlooked and Third Party Vendor Issues

CHICAGO (February 2, 2010) - Trustwave, the leading provider of on-demand data security and payment card industry compliance management solutions to businesses and organizations throughout the world, has released its 2010 Global Security Report. The report analyzes data gathered from nearly 1900 penetration tests and more than 200 security incident and compromise investigations throughout 2009 and provides a business and technical impact analysis. The report was compiled by SpiderLabs, the advanced security team at Trustwave responsible for incident response and forensics, penetration testing, application security and security research.

The most notable trend of 2009 was the continued existence of attack vectors despite the security industry's awareness of the associated vulnerabilities for a decade or more. Organizations large and small were found to be moving forward with plans to implement new technology, while leaving basic security threats overlooked in legacy environments and IT systems.

A recent article in USA Today agrees with these findings, stating, "The vast majority of organizations routinely fail to take simple defensive measures, such as shoring up common website weaknesses or uniformly enforcing the use of strong passwords." †

In a striking trend, the SpiderLabs team also found that third-party vendors or their software was responsible for more than 81 percent of investigations of a security incident or compromise. It was these third parties that introduced many deficiencies exploited by the attacker, such as default vendor-supplied passwords and insecure remote access applications.

In addition to the analysis of breach investigations, SpiderLabs also published technical information on the top vulnerabilities encountered during the penetration tests performed. The most telling results were those industries that requested penetration tests were the least compromised sector. For example, technology and business services sector clients made up 36.1 percent of the penetration tests performed in 2009, yet only 9 percent of compromise investigations. Conversely, hospitality and food and beverage clients accounted for 7.6 percent of the penetration tests performed, while this sector made up a stunning 51 percent of investigations conducted by SpiderLabs.

"It's clear that organizations are managing current threats in a very reactive manner, rather than proactively reviewing their entire security posture and developing a plan that secures their data, systems and facilities," says Robert J. McCullen, chairman and CEO of Trustwave. "This report will provide companies throughout the world with the actionable information on detecting the leading vulnerabilities and guidance on how to mitigate those threats and secure their organization."

"The incidents we investigated showed that the hacking techniques used to penetrate a system were trivial - that is they are very simple attack methods that have existed for many years," says Nicholas J. Percoco, senior vice president and head of SpiderLabs. "Yet many of these organizations never knew the vulnerabilities or the systems penetrated existed within their environment. In 2010, organizations should adjust their security plans and prioritize security risks before implementing a new strategic initiative."

About Trustwave

Trustwave is a leading provider of on-demand and subscription-based information security and payment card industry compliance management solutions to businesses and government entities throughout the world. For organizations faced with today's challenging data security and compliance environment, Trustwave provides a unique approach with comprehensive solutions that include its flagship TrustKeeper® compliance management software and other proprietary security solutions including SIEM , WAF , EV SSL certificates  and secure digital certificates . Trustwave has helped hundreds of thousands of organizations-ranging from Fortune 500 businesses and large financial institutions to small and medium-sized retailers-manage compliance and secure their network infrastructures, data communications and critical information assets. Trustwave is headquartered in Chicago with offices throughout North America, South America, Europe, Africa, Asia and Australia. For more information, visit

† "Cyberthieves find workplace networks are easy pickings," by Byron Acohido, USA Today, October 9, 2009.

Latest News Releases

New Trustwave SpiderLabs Research Exposes Unique Cybersecurity Threats Facing Education Industry

Chicago – February 22, 2024 – Trustwave, a leading cybersecurity and managed security services provider, today released comprehensive research uncovering unique cybersecurity threats faced by...

Read More

Trustwave MailMarshal Now Available on Microsoft Azure Marketplace

Chicago – February 1, 2024 – Trustwave, a global cybersecurity and managed security services leader, today announced the availability of Trustwave MailMarshal on the Microsoft Azure Marketplace, an...

Read More

Aquion and Trustwave Announce Strategic Partnership to Boost Cybersecurity in Australia and New Zealand

Sydney, Australia - Jan 30, 2024 - Aquion, a specialist in value-added software distribution, proudly announces its strategic partnership with global managed cybersecurity leader Trustwave. This...

Read More