It’s that time of year again where we try to make sense of all the new research and statistics. Today, I give you the Trustwave 2013 Global Security Report, which analyses 400 data breach investigations (compared to 300 in 2011) across 29 countries (compared to 18 in 2011). Unsurprisingly, 96% of the breaches involved the theft of customer records (payment card data, PII, email addresses), compared to 89% in 2011. Closer to home, this is confirmed by the CIFAS Fraudscape report published in March 2013: whilst total fraud in the UK only showed a 5% increase since 2011, identity fraud increased by a whopping 17.1%. This correlates with the Trustwave finding that, of all client-side attacks observed, 61% targeted Adobe Reader users via malicious PDFs, clearly pointing to social engineering.
In 2012, 78% of the case load (from 85.3% in 2011) originated from the Food & Beverage, Retail and Hospitality industries (see last year’s report), with notable increases in Financial Services and Not For Profit organisations (other):
|Percentage of breaches per sector – Trustwave GSR 2013|
New for 2012 is the rise in mobile malware, with a huge 400% increase. However, very few of the Trustwave forensic samples involved mobile devices, which points to a lack of visibility of mobile devices within organisations. Trustwave also list their top 10 mobile vulnerabilities, which I guess will further inform the proposed OWASP mobile top 10 currently in development.
Note: whilst in 2011 more than one-third of breached entities in Food and Beverage, Retail and Hospitality were businesses operating franchise models, the 2012 report case load doesn’t give any indication as to the evolution of this trend.
Who, me?... Or the case for incident response
In 2012, 76% of organisations were notified of breaches by external entities (Regulatory, Law Enforcement, Third Party, Public) compared to 84% in 2011:
|Breach Detection - Trustwave GSR 2013|
Firstly, the March 2012 Symantec-sponsored Ponemon Cost of a Data Breach Study (UK) seems to think so. It highlights that, whilst the cost per compromised record increased from £71 in 2010 to £79 in 2011, the organisational cost per breach decreased by 8% from £1.9M to £1.75M, suggesting that organisations have improved their performance in both preparing for and responding to a data breach (the findings also revealed that fewer records were being lost, with less customer churn). Other studies have found that the cost of a data breach is increasing, and this is perhaps symptomatic of the fact that attacks are now far more targeted. So while self-detection is improving, those that remain blissfully unaware (see earlier post) are facing higher costs due to the increased sophistication of attack delivery and targeting. Criminals continue to automate the process of finding victims (through the identification of basic vulnerabilities) and extracting valuable data, which lowers the cost of performing attacks, which in turn lowers the minimum yield for a victim to be of interest.
Secondly, whilst the average time from initial breach to detection was 7 months in 2012, the timeline from intrusion to containment has improved significantly over the previous year: the majority of breaches were detected within 1 year, 9% within 1 month, and 5% within 10 days, as the chart below suggests:
|Timeline of Intrusion to Containment - Trustwave GSR 2013|
Until next time...