Retailers lead in data breaches but improve e-comm cyber security: Trustwave

The 2017 Trustwave Global Security Report released this week shows retail still leading other industries in vulnerability to data breaches. However, it reveals improvements in cyber security around e-commerce.

The report shows an increase in the percentage of data breaches affecting POS systems, and a reduction in the percentage of incidents affecting e-commerce systems.

Commenting on the reduction in breaches of e-commerce environments, Lawrence Munro, worldwide VP of Spiderlabs, Trustwave’s “elite team of ethnical hackers, forensic investigators and researchers”, said this would have been partly due to increased use of more secure infrastructure.

“There’s been a shift towards hosting frameworks such as Akamai, the content delivery network, or Cloudflare, the caching reverse proxy service,” he told Retail Risk News.

E-comm players have also been eliminating components with known vulnerabilities, Trustwave comments, adding that in some cases, banks are mandating the changes.

The Trustwave Global Security Report (GSR) comes out annually and is based on data gathered from hundreds of breach investigations and billions of security and compliance events.

Headquartered in Chicago, Trustwave helps businesses fight cybercrime, protect data and reduce security risk, using cloud and managed security services, integrated technologies and a team of security experts, ethical hackers and researchers. The company says more than three million businesses in 96 countries are enrolled in the Trustwave TrustKeeper® cloud platform.

This year the GSR shows some marked improvements in breach detection and handling, particularly by businesses that have invested in cyber security.

Data breach detection times have fallen, and once detected, victims are containing breaches more quickly.

The median number of days from an intrusion to detection of a compromise decreased to 49 days in 2016 from 80.5 days in 2015. Where the incident was detected internally the median was 16 days, compared with 65 for externally detected incidents.

Similarly, internally detected compromises were contained more quickly than externally detected ones.

Where containment occurred after detection, the median time lag from detection to containment was just two days for internally detected breaches compared with 22 days for externally detected breaches.

Trustwave comments that the same tools and techniques which enable businesses to detect breaches on their own or
 in partnership with a security provider often make it possible to respond within days or even minutes of a breach.

Overall, the GSR shows North America and retail lead in data breaches, as in previous years. 49% of data breaches investigated by Trustwave were in North America, while 21% were in Asia-Pacific, 20% in Europe, Middle East and Africa, and 10% in Latin America.

The single largest share of incidents involved the retail industry at 22%, followed closely by food and beverage at nearly 20%. There was a big increase in incidents affecting POS systems while breaches of e-commerce environments fell.

2016 saw incidents affecting POS systems increase to 31% of the total, from 22% in 2015, while incidents affecting e-commerce environments fell to 26% from 38%.

POS breaches were most common in North America, which has been slower than much of the world to adopt the EMV payment card standard.

More than half of the incidents investigated targeted payment card data: Card track (also called magnetic stripe) data, at 33% of incidents, primarily came from POS environments. Card-not-present (CNP) data, at 30%, mostly came from e-commerce transactions. Financial credentials, including account names and passwords for banks and other financial institutions, accounted for 18% of incidents, followed by other targets.

Trustwave found that despite some improvements in cyber security, nearly all web applications still contain vulnerabilities.

99.7% of web applications Trustwave’s application scanning services tested in 2016 included at least one vulnerability, up from 96% in 2013, while the mean number of vulnerabilities detected was 11 per application, down from 14 in 2015.

Lawrence Munro commented: “It all comes down to general hygiene really. We are still seeing the basics going wrong. There is a list of the 10 most commonly exploited vulnerabilities globally across web applications which is commonly used as a baseline. We would normally say those vulnerabilities have to be fixed first, and most of what we saw would have failed that baseline.”