Point-of-sale attacks accounted for a third of all data breaches in 2013
However, a significant rise in attacks targeting sensitive data not related to payment cards was also observed, Trustwave says
IDG News Service - A third of data breaches investigated by security firm Trustwave last year involved compromises of point-of-sale (PoS) systems and over half of all intrusions targeted payment card data.
Even though PoS systems remained a significant target for attackers, as suggested by several high-profile data breaches disclosed by large retailers over the past six months, the largest number of data theft incidents last year actually involved e-commerce sites, Trustwave said Wednesday in a report that compiled data from 691 data breach investigations conducted by the company around the world.
E-commerce intrusions accounted for 54 percent of investigated data breaches and PoS system intrusions accounted for 33 percent, Trustwave said. A separate report published by Verizon in April also pointed to Web application and PoS attacks as leading causes of security incidents with confirmed data disclosure last year.
According to Trustwave, over half of intrusions targeted payment-card data, with such data being stolen from e-commerce transactions in 36 percent of incidents and from PoS transactions in 19 percent of attacks.
In Western Europe in particular, where countries have rolled out EMV -- chip-and-PIN payment card transactions -- cybercriminals shifted their focus from PoS devices to e-commerce platforms, said John Yeo, EMEA Director at Trustwave. "EMV has changed the pattern of compromises when it comes to payment-card-specific data."
However, a significant increase in the theft of sensitive, non-payment-card data, was also observed last year. This data includes financial credentials, personally identifiable information, merchant ID numbers and internal company communications, and was stolen in 45 percent of incidents, Trustwave said in the report.
Customer records containing personally identifiable information can possibly be used to perpetrate identity fraud and are sought after on the black market, so that's why there's been an uptick in attacks focusing on such data, Yeo said.
Only about a third of victim companies were able to self-detect data breaches, Trustwave found. In 58 percent of cases, breaches were identified by regulatory bodies, the credit card companies or merchant banks.
Organizations that self-detect are actually able to contain a breach much faster than organizations that are notified by third parties, Yeo said. "The median amount of time to contain a breach for organizations that self-detected the compromise was a single day, whereas for organizations notified by third-parties the median amount of time for containment was 14 days."
Obviously, the longer a breach goes on, from the point of intrusion to the point of containment, the greater number of records are potentially exposed and the greater the breach cost, Yeo said.
One encouraging finding is that upon discovering a breach, internally or with external help, 67 percent of victims were able to contain it within 10 days. However, the average time it took companies to actually detect an intrusion from the time when it occurred was 87 days.
- Using Cyber Insurance and Cybercrime Data to Limit Your Business Risk This paper examines the challenges of understanding cyber risks, the importance of having the right cyber risk intelligence, and how to use this...
- 5 Tips to Secure Small Business Backdoors in the Enterprise Supply Chain This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- Comprehensive Advanced Threat Defense The hot topic in the information security industry these days is "Advanced Threat Defense" (ATD). This paper describes a comprehensive, network-based approach to...
- Advanced Threat Defense: A Comprehensive Approach In this interview, Peter George, president, General Dynamics Fidelis Cybersecurity Solutions, explains why we need more than anti-malware, and what constitutes a comprehensive...
- Live Webcast Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- NSS Labs & Cisco Present: Evaluating Leading Breach Detection Systems Today's constantly evolving advanced malware and APTs can evade point-in-time defenses to penetrate networks. Security professionals must evolve their strategy in lockstep to... All Cybercrime and Hacking White Papers | Webcasts