Cybersecurity firm Trustwave provides an invaluable public service each year when it releases its annual report on data breach activity. This report, the 2015 Trustwave Global Security Report, examines the ways hacking attempts and data breaches were perpetrated, which sectors of industry are hit the hardest, and even the corporate and consumer behaviors that lead to data compromise. (Did you know that “Password1” is still the most commonly used password?)
The 2015 report, which was released in June, examined the incidents that Trustwave was asked to investigate last year. Key findings of their research include:
- 43% of the incidents were in the retail industry, followed by 13% for the food and beverage industry and 12% for the hospitality industry.
- Half of the incidents that they investigated took place in the United States.
- In 31% of cases, hackers were after payment card track data on the back of a payment card (these are things like the three-digit code on the back of the card, needed for an in-person transaction).
- In 20% of the cases, attackers were after financial credentials or proprietary information like payment details.
There were two shocking highlights concerning both consumers’ and hackers’ behaviors, though. In the first instance, 81% of the victims did not discover on their own that they’d been hacked. Trustwave went on to reveal that self-examination vastly speeds up response time. In cases where the company discovers it has been hacked through self-monitoring, there are usually two weeks between the incident occurring and the company putting a stop to it. In cases where companies are not running self-checks and uncovering suspicious behaviors, the average time between the breach and containment is over 150 days.
As for the hackers, Trustwave has revealed a crucial statistic when it comes to understanding why hacking events and data breaches are on the rise, and that’s the payout it provides for the criminals. In other words, why do they do it? The answer is, quite simply, because it works.
According to the report, “Attackers receive an estimated 1,425 percent return on investment for exploit kit and ransomware schemes ($84,100 net revenue for each $5,900 investment).” For very little financial investment and even less investment in manpower, hackers can make significant gains, largely thanks to the fact that businesses and consumers are doing their work for them. Weak security protocols, outdated POS systems, failure to recognize malicious spam emails, and useless passwords all offer thieves the opportunity to waltz right in and make some serious money.
So what should we do with this information now? According to Trustwave’s chairman, we must learn from it and adjust the way we do business.
“To defend against today’s sophisticated criminals, businesses must see attacks from their front windshield instead of their rear view mirror,” said Trustwave Chairman, Chief Executive Officer and President Robert J. McCullen. “By providing a wealth of current, actionable data breach trends and threat intelligence, our 2015 Trustwave Global Security Report helps businesses identify what’s coming so that they can engage the people, processes and technologies needed to thwart cybercrime attacks that can generate close to a 1,500 return on investment.”
To view the full 2015 Trustwave Global Security Report, go to https://www.trustwave.com/GSR