We all have an appreciation that things are getting worse with the impending tsunami of malware out there; however, the surprise in this particular survey by Trustwave this year is the lack of movement in the ranks to do anything about it. Whether it's a competence issue, defeatist mindset, or just apathy, either way, the consumer loses. There are definite measure that can be taken; however, no one seems to care.
While
payment card data continues to top the list of the types of Data compromised,
we saw a 33 percent increase in the theft of Sensitive and confidential
information such as financial credentials, Internal communications, personally
identifiable information and Various types of customer records.
E-Commerce Made Up 54 Percent Of Assets Targeted.
Point-Of-SALE (POS)
Breaches Accounted For 33 Percent of Investigations.
There are some categories
we wish the US didn’t lead in, so forgive us when we don’t chant, “U S A” on
this one.
Criminals
Relied Most ON Java Applets As A Malware Delivery Method
85 Percent Of The
Exploits Detected Were of Third-PARTY PLUG-Ins, Including JAVA And Adobe Flash,
ACROBAT And Reader.
71 Percent Of Compromise
Victims Did Not Detect Breaches Themselves.
Yah think?
This
should be no surprise to anyone. After
all criminal activity is not a non-profit entity.
59% Of Victims
Reside In The United STATES When ranking the top ten victim locations in our investigations,
59 percent of victims reside in the United States, making the country more than
four times as common as the next closest victim location, the United Kingdom,
at 14 percent. Australia ranked third, at 11 percent.
The Top three
Malware Hosting Countries were the United States (42 Percent), RUSSIA (13 Percent) And Germany (9 Percent).
If Jan Brady (Brady
Bunch, circa 1970) was in charge of Security she would say, “Java did it again, Java, Java, Java!”
This again surprises
no one…
For example, the
median number of days it took organizations that self-detected a breach to contain the breach
was one day, whereas it took
organizations 14 days to contain the breach when it was detected by a third party. This is the mindset
that many share, the post mortem action plan.
That is, wait til something hits, then do something.
Median Number of
Days From Initial Intrusion To Detection Was 87 Days.
Median Number Of Days From Detection TO Containment Was Seven Days.
Targeted malware was the threat IT pros felt the most pressure to protect against - with 64% noting increased pressure over the previous year.
Median Number of
Days From Initial Intrusion To Detection Was 87 Days.
This is the
one statistic that floors us… So when a company finally announces that they
have had a breach, this is probably 87 days after the actual breach, so the
idea of protecting your “Asset” is long gone.
Median Number Of Days From Detection TO Containment Was Seven Days.
Even worse.. now you
add another 7 days before anything is done to stop it, so now we are at 94 days
before anything changes post breach. In
essence, if your are not securing anything yourself, your not securing anything. Awesome.
Targeted malware was the threat IT pros felt the most pressure to protect against - with 64% noting increased pressure over the previous year.
 |
So with all this information, what can be done. There are several solid tools out there to prevent the malware from perverting your network assets, but it needs to be done locally. Waiting for the world to notify you is no way to run an IT shop.
Source(s):
- http://www2.trustwave.com/rs/trustwave/images/2014_Trustwave_Global_Security_Report.pdf?aliId=18197604
So “Once more unto the breach, dear friends, once more;”
____________________________________________________________
About Rick Ricker
An IT professional with over 22 years experience in Information Security, wireless broadband, network and Infrastructure design, development, and support.
For more information, contact Rick at (800) 399-6085 x502
No comments:
Post a Comment
Thanks for your input, your ideas, critiques, suggestions are always welcome...
- Wasabi Roll Staff