News Feature | June 25, 2015

Trustwave's 2015 Global Security Report: What IT Solutions Providers Need To Know

By Ally Kutz, contributing writer

Trustwave’s 2015 Global Security Report: What IT Solutions Providers Need To Know

Cybercriminals are making money from your prospects and clients. They are making an estimated 1,425 percent ROI for exploit kit and ransomware schemes, according to Trustwave’s 2015 Global Security Report. In other words, on an investment of $5,900 for a one-month ransomware campaign, criminals can profit about $84,000.

In 2014, retail was the most compromised industry, making up almost 45 percent of Trustwave’s investigations; food and beverage accounted for 13 percent, while hospitality was at 12 percent.

Of data breaches in retail, 64 percent were e-commerce assets while 27 percent were point of sale (POS) assets. Also noted, 95 percent of food and beverage compromises and 65 percent of hospitality compromises happened via POS systems.

In 31 percent of the cases Trustwave studied, attackers targeted track data — up 12 percent from 2013 — and 20 percent of the time attackers sought out financial credentials or proprietary information — down 25 percent from 2013. This indicates attackers shifted focus back to payment card data this past year.

During the research, Trustwave experts confronted more than 15 different family groups of malware and more than 70 individual variants that targeted POS systems.

The study found that weak remote access security or weak passwords were the cause of or contributed to 94 percent of POS breaches. For businesses, the average length of time it took to detect a breach was 86 days, while the average containment of a breach was 111 days.

The study also found your clients and prospects can probably use some help educating their employees about password management. The study reveals that “password1” is still the most common password. In addition, 39 percent of passwords are only eight characters long — it is estimated that it takes only one day to crack an eight-character password, while ten-character passwords take an estimated 591 days. Of the almost 500,000 passwords sampled by Trustwave, 51 percent were cracked within 24 hours and 88 percent within two weeks, with 15 percent of those cracked by experts using a variation of basic names and places, with the top 2,000 baby names for this year being most common.

To download the full report, click here.