According to the results of the Trustwave 2012 Global Security Report, nearly 89% of breaches they investigated involved attempts at obtaining personally identifiable information (PII) such as credit card information or other customer data.
The report, based on 300 data breach investigations and 2,000 penetration tests performed worldwide last year by its own SpiderLabs, shows that cybercrime is changing and that some industries and data types are more at risk than others.
According to their data, the food & beverage industry accounted for the largest number of data breach investigations (44% of the 300 investigations), and industries with franchise models were particularly at risk.
The report draws particular attention to passwords and how poor password practices are leading to unnecessary data breaches. According to their analysis of more than 2 million business passwords, the most common password used globally by businesses is "Password1", which satisfies the basic precautions of including a capital letter and a number. Many companies are also failing to revoke temporary administrative accounts, leaving a way 'in' to the network using 'valid' credentials.
“An abundance of networks and systems were still found vulnerable to legacy attack vectors; many of these vectors date back 10 years or more,” Trustwave said. “Organizations are implementing new technology without decommissioning older, flawed infrastructure.”
In terms of detecting data breaches, only 16% of victimized organizations detected the breach on their own; in other cases, the breach was brought forward by a regulatory agency, law enforcement or the public. The average time between a breach and its detection was 173.5 days - a long time for data to be unsecured.
It's clear from this data that a number of data security practices are being overlooked, from basic password security to the data monitoring needed to catch breaches. For more on this, as well as some strategic recommendations, read the report here.