Cybercrime Against Businesses in 2011 - Good News and Bad News

New survey shows commercial cyber attacks continue to grow, but cyber-cops are getting better, too.

A new report by cybersecurity think tank Trustwave revealed incidents of online hacking and other cybercrimes against businesses continue to increase year after year, but the rates at which those crimes are first discovered by police, and the likelihood of the perpetrators being brought to justice, are also up sharply.

Two years ago, only about 7% of all online attacks against commercial enterprises were first detected by local or federal law enforcement, while the victimized business itself made the initial discovery of a security breach 20% of the time. In the remaining cases, it took a third party (regulatory agencies or the general public) to first discover and report a breach. In 2011, self-detection of cyberattacks by businesses actually dropped to 16%, but the rate of initial breach notification by law enforcement increased nearly five-fold from 7% to 33%. According to Trustwave, this shows a significant increase in the capability of police and federal authorities to identify an online attack at the very earliest stages, dramatically improving the possibility that a victimized business can mitigate any damage to its systems or theft of its sensitive data. This also makes it much more likely that law enforcement agencies will be able to identify and apprehend hackers before they are able to cover their digital tracks and escape detection.

In its “2012 Global Security Report,” Trustwave credits the U.S. Secret Service and the efforts of the Electronic Crime Task Force for the improved detection ability among law enforcement agencies, but much work remains to be done. In 46% of cyberattacks in 2011, it was still a regulatory agency that first alerted a victim business that its systems had been compromised. In those cases, where a third party was first to identify an online attack, hackers had access to a victim’s online systems for an average of 173.5 days before criminal activities were detected and additional security measures enacted.

Customer credit card data and other personal information were far and away the most sought-after prize for hackers in 2011, and businesses that handle and keep a significant amount of that data were the most popular targets. More than 43% of all cyberattack victims in 2011 were food and beverage retailers, while other consumer retailers accounted for another 33.7%. New this year, however, was a spike in the theft of Electronic Protected Health Information (ePHI), otherwise known as electronic medical records. About 3% of cyberattacks identified by Trustwave in 2011 involved this type of data.

Other interesting findings from the Trustwave report reveal the relative inability of anti-virus software to prevent or detect online attacks. Of the various malware samples collected and cataloged by Trustwave in 2011, commercial anti-virus products detected them only 12% of the time. In addition, weak password security remains a serious threat to system integrity - even in large, sophisticated firms. Trustwave analysis shows the most common password used by businesses worldwide is “Password1” because it satisfies the default password complexity requirements of popular Microsoft database software.
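The “Password1” finding above, shown as an added example that is not taken from the article or from Trustwave's report: a complexity-only rule accepts the password, while a check against common base words rejects it. The rule used here (8 characters, three of four character classes), the sample word list and all function names are assumptions for illustration.

```python
import re

# Assumed rule set (not quoted from the report): at least 8 characters and
# three of four character classes, a common shape for complexity policies.
MIN_LENGTH = 8
CLASSES = (r"[A-Z]", r"[a-z]", r"[0-9]", r"[^A-Za-z0-9]")

# Constructed sample denylist of base words; a real deployment would load a
# large list of common and previously breached passwords.
COMMON_BASE_WORDS = {"password", "welcome", "letmein", "qwerty", "admin"}

# Reverse common character substitutions before the denylist comparison.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "@": "a", "$": "s"})


def meets_complexity(password: str) -> bool:
    """Complexity-only check: length plus three of four character classes."""
    present = sum(1 for pattern in CLASSES if re.search(pattern, password))
    return len(password) >= MIN_LENGTH and present >= 3


def base_word(password: str) -> str:
    """Lowercase, drop trailing digits/symbols, then undo substitutions."""
    stripped = re.sub(r"[^a-z]+$", "", password.lower())
    return stripped.translate(LEET)


def is_acceptable(password: str, username: str = "") -> bool:
    """Complexity check plus the two checks a complexity rule cannot make."""
    if not meets_complexity(password):
        return False
    if base_word(password) in COMMON_BASE_WORDS:
        return False  # a dictionary word with decoration, e.g. Password1
    if username and username.lower() in password.lower():
        return False  # password built around the account name
    return True


if __name__ == "__main__":
    for candidate in ("Password1", "P@ssw0rd!", "correct-Horse-battery-9"):
        print(candidate, meets_complexity(candidate), is_acceptable(candidate))
```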

To help stem the tide of cyber attacks against businesses, Trustwave identified several priorities companies can embrace to stop data breaches before they occur. The first, and most effective, line of defense against online commercial data theft is an educated workforce trained specifically in data security. Standardizing computer hardware and software throughout different divisions of an enterprise can also help close many of the digital loopholes cybercriminals use to access data. Trustwave also recommends all digital assets within a company be registered and inventoried and all internal online activity be logged by user to help identify data access from outsiders.

Source: “Trustwave 2012 Global Security Report”