Cybercriminals target retailers more often, Trustware says
By Jay Keller
The retail industry comprised the highest percentage of cybercrime investigations in 2012 with Web applications emerging as the most popular attack vector for criminals, global security company Trustware said on Tuesday.
Retail businesses accounted for 45 percent of all security issues for the first time in three years with e-commerce sites becoming the most-targeted asset, according to the 2013 Global Security Report.
The Global Security Report uses Trustware’s enterprise data and research to identify the most-serious and common vulnerabilities, how cybercriminals are breaking in and what they’re mostly likely to steal.
Trustware says that cybercriminals are drawn to the wealth of data housed by retailers, especially personal and credit card information, and provided a number of reasons for the shift.
Data found that mobile malware grew by 400 percent last year with Android devices having the most security problems.
Trustware warns that businesses need to understand the unintended risks that outsourced IT operations can pose as most incidence-response investigations featured third-party vendors a retailer used in cost-cutting measures.
Businesses were also urged to be more vigilant and take proactive measures to secure their assets going forward.
Retailers are slow to “self-detect” breach activity, Trustware says, oftentimes taking an average of 210 days to find out their site had been compromised.
In fact, 64 percent of victim organizations took over 90 days to detect an intrusion and five percent of these organizations took longer than three years to identify criminal activity.
Ironically, data found that many businesses rely on weak or non-unique passwords to gain entry to sensitive systems.
Of the three million user passwords analyzed in the study, 50 percent lack basic security measures and “Password1” remains the most-common password used by global businesses.
The 2013 malware research found nearly 10 percent of email spam to be malicious but said that overall spam message volume shrank to 75 percent of all inbound mail over past three years.
“Cybercriminals will never stop trying to compromise systems to obtain data,” Trustware cautions in the 2013 Global Security Report. “Organizations need to be aware of where they may be open to attacks, how attackers can enter their environment and what to do if (and when) an attack occurs.”