Point-of-sale attacks accounted for a third of all data breaches in 2013
However, a significant rise in attacks targeting sensitive data not related to payment cards was also observed, Trustwave says
IDG News Service - A third of data breaches investigated by security firm Trustwave last year involved compromises of point-of-sale (PoS) systems and over half of all intrusions targeted payment card data.
Even though PoS systems remained a significant target for attackers, as suggested by several high-profile data breaches disclosed by large retailers over the past six months, the largest number of data theft incidents last year actually involved e-commerce sites, Trustwave said Wednesday in a report that compiled data from 691 data breach investigations conducted by the company around the world.
E-commerce intrusions accounted for 54 percent of investigated data breaches and PoS system intrusions accounted for 33 percent, Trustwave said. A separate report published by Verizon in April also pointed to Web application and PoS attacks as leading causes of security incidents with confirmed data disclosure last year.
According to Trustwave, over half of intrusions targeted payment-card data, with such data being stolen from e-commerce transactions in 36 percent of incidents and from PoS transactions in 19 percent of attacks.
In Western Europe in particular, where countries have rolled out EMV -- chip-and-PIN payment card transactions -- cybercriminals shifted their focus from PoS devices to e-commerce platforms, said John Yeo, EMEA Director at Trustwave. "EMV has changed the pattern of compromises when it comes to payment-card-specific data."
However, a significant increase in the theft of sensitive, non-payment-card data, was also observed last year. This data includes financial credentials, personally identifiable information, merchant ID numbers and internal company communications, and was stolen in 45 percent of incidents, Trustwave said in the report.
Customer records containing personally identifiable information can possibly be used to perpetrate identity fraud and are sought after on the black market, so that's why there's been an uptick in attacks focusing on such data, Yeo said.
Only about a third of victim companies were able to self-detect data breaches, Trustwave found. In 58 percent of cases, breaches were identified by regulatory bodies, the credit card companies or merchant banks.
Organizations that self-detect are actually able to contain a breach much faster than organizations that are notified by third parties, Yeo said. "The median amount of time to contain a breach for organizations that self-detected the compromise was a single day, whereas for organizations notified by third-parties the median amount of time for containment was 14 days."
Obviously, the longer a breach goes on, from the point of intrusion to the point of containment, the greater number of records are potentially exposed and the greater the breach cost, Yeo said.
One encouraging finding is that upon discovering a breach, internally or with external help, 67 percent of victims were able to contain it within 10 days. However, the average time it took companies to actually detect an intrusion from the time when it occurred was 87 days.
- Transforming Information Security: Future-Proofing Processes This report provides a valuable set of recommendations from 19 of the world'd leading security officers to help organizations build security strategies for...
- The Evolution of Corporate Cyberthreats Cybercriminals are creating and deploying new threats every day that are more destructive than ever before. While you may have more people devoted...
- 3 Questions to Ask Your DNS Host about Lowering DDoS Risks Neustar has had wide-ranging conversations with clients wanting to know how they can optimize protection as DDoS attacks increase in frequency and size.
- The Danger Deepens: 2014 Neustar Annual DDoS Attacks and Impact Report This report compares DDoS findings from 2013 to 2012, based on a survey of 440 North American companies, including 139 businesses delivering technology...
- Establish Cyber Resiliency: Developing a Continuous Response Architecture Many enterprises fail to proactively prepare the battlefield for a data breach by only leveraging outdated techniques that focus on the perimeter or...
- An Incident Response Playbook: From Monitoring to Operations As cyber-attacks grow more sophisticated, many organizations are investing more into incident detection and response capabilities. In this webcast, learn how to develop... All Cybercrime and Hacking White Papers | Webcasts