MainMenu

E-commerce, not POS, make up majority of breached systems

May 27, 2014 | By 

Despite some highly publicized point-of-sale system breaches, POS systems were not the most targeted systems last year, according to a report by Trustwave, the security auditor at the center of Target breach that exposed personal data on 110 million customers.

Instead, e-commerce systems were the most targeted by cybercriminals, based on a study of 691 breach investigations across 24 countries and threat intelligence gathered by Trustwave.

Breaches of e-commerce systems made up 54 percent of assets targeted, followed by POS systems with 33 percent of 2013 breaches. E-commerce and POS system breaches are forecasted by Trustwave to dominate data breaches this year as well.

Malware was a favorite tool for cybercriminals to penetrate systems and extract data. A whopping 78 percent of malware exploits targeted vulnerabilities in Java applets. Other popular targets were Adobe Flash and Acrobat Reader. The United States was the top malware-hosting country, followed by Russia and Germany.

In a finding that probably makes security pros throw up their hands in exasperation, Trustwave found that 96 percent of applications had one or more serious security vulnerabilities, many of which should have been caught and fixed in the app development and production phases.

As pointed out in a Dashlane infographic published by FierceITSecurity, bad password policies are rampant in the online world. Weak passwords were also identified by Trustwave as the source of close to one-third of breaches it examined.

Close to three-fourths of data breach victims did not know they had been compromised. Instead, they had to rely on third parties to inform them, lengthening the time it took to contain breaches.

“Security is a process that involves foresight, manpower, advanced skillsets, threat intelligence and technologies.  If businesses are not fully equipped with all of these components, they are only increasing their chances of being the next data breach victim,” concludes Robert McCullen, chairman and CEO at Trustwave.

For more:
– check out the Trustwave release
– read the full report (reg. req.)

Powered by WordPress. Designed by Woo Themes