It’s that time of year again where we try to make sense of all the new research and statistics. Today, I give you the Trustwave 2013 Global Security Report which analyses 400 data breach investigations (compared to 300 in 2011) across 29 countries (compared to 18 in 2011). Unsurprisingly, 96% of the breaches involved the theft of customer records (payment card data, PII, email addresses), compared to 89% in 2011. Closer to home, this is confirmed by the CIFAS Fraudscape report published in March 2013, where, whilst total fraud in the UK only showed a 5% increase since 2011, abuse of identity fraud increased by a whopping 17.1%, correlating to the Trustwave report showing that out off all client-side attacks observed, 61% targeted Adobe Reader users via malicious PDFs, clearly pointing to social engineering.
Trend alert...
In 2012, 78% of the case load (from 85.3% in 2011) originated from the Food & Beverage, Retail and Hospitality industries (see last year’s report), with notable increases in Financial Services and Not For Profit organisations (other):
 |
| Percentage of breaches per sector – Trustwave GSR 2013 |
New for 2012 is the increase in mobile malware with a huge 400%. However, very few of the Trustwave forensic samples involved mobile devices which points to a lack of visibility of mobile devices within organisations. Trustwave also list their top 10 mobile vulnerabilities, which I guess will further inform the proposed OWASP mobile top 10 currently in development.
Note: whilst in 2011 more than one-third of breached entities in Food and Beverage, Retail and Hospitality targeted businesses operating franchise models, the 2012 report case load doesn’t give any indication as to the evolution of this trend.
Who, me?... Or the case for incident response
In 2012, 76% of organisations were notified of breaches by external entities (Regulatory, Law Enforcement, Third Party, Public) compared to 84% in 2011:
 |
| Breach Detection - Trustwave GSR 2013 |
Firstly, the March 2012 Symantec sponsored Ponemon Cost of a Data Breach Study (UK) seems to think so by highlighting that whilst the cost per compromised record increased from £71 in 2010 to £79 in 2011, the organisational costs decreased by 8% from £1.9M to £1.75M per breach suggesting that organisations have improved their performance in both preparing for and responding to a data breach (and the findings revealed that fewer records were being lost, with less customer churn). Other studies have found that the cost of a data breach is increasing, and this is perhaps symptomatic of the fact that attacks are now far more targeted. So while self-detection is improving, those that remain blissfully unaware (see earlier post) are facing higher costs to the increased sophistication of attack delivery and targetting. Criminals continue to automate the process of finding victims (through the identification of basic vulnerabilities) and extracting valuable data which lowers the cost of performing attacks, which in turn lowers the minimum yield for a victim to be of interest.
Secondly, whilst the average time from initial breach to detection was 7 months in 2012, the timeline from intrusion to containment has improved significantly over the previous year, with the majority of breaches being detected within 1 year, with 9% detected within 1 month (and even 5% within 10 days) as the chart below suggests:
 |
| Timeline of Intrusion to Containment - Trustwave GSR 2013 |
Until next time...
neirajones
Woah! I’m really digging the template/theme of this blog. It’s simple, yet effective. A lot of times it’s tough to get that “perfect balance” between superb usability and visual appearance. I must say you’ve done a great job with this. Also, the blog loads super quick for me on Opera. Outstanding Blog!
ReplyDeletela wedding venues
I admire this article for the well-researched content and excellent wording. I got so involved in this material that I couldn’t stop reading. I am impressed with your work and skill. Thank you so much. my review here
ReplyDeleteThanks so much for this information. I have to let you know I concur on several of the points you make here and others may require some further review, but I can see your viewpoint. check out the post right here
ReplyDeleteThanks so much for this information. I have to let you know I concur on several of the points you make here and others may require some further review, but I can see your viewpoint. check out the post right here
ReplyDeleteThis is highly informatics, crisp and clear. I think that everything has been described in systematic manner so that reader could get maximum information and learn many things. Tableau Data Blending
ReplyDeleteThis comment has been removed by the author.
ReplyDeleteI don t have the time at the moment to fully read your site but I have bookmarked it and also add your RSS feeds. I will be back in a day or two. thanks for a great site.
ReplyDeletedata science certification malaysia
ReplyDeleteIt has fully emerged to crown Singapore's southern shores and undoubtedly placed her on the global map of residential landmarks. I still scored the more points than I ever have in a season for GS. I think you would be hard pressed to find somebody with the same consistency I have had over the years so I am happy with that.
data science training in noida
This comment has been removed by the author.
ReplyDeleteI just got to this amazing site not long ago. I was actually captured with the piece of resources you have got here. Big thumbs up for making such wonderful blog page!
ReplyDeletedata science course in coimbatore
data science course in guntur
ReplyDeletedata science course in guntur
Such a very useful article. Very interesting to read this article.I would like to thank you for the efforts you had made for writing this awesome article.
ReplyDeletedata science course in ecil
You re in point of fact a just right webmaster. The website loading speed is amazing. It kind of feels that you're doing any distinctive trick. Moreover, The contents are masterpiece. you have done a fantastic activity on this subject!data science course malaysia
ReplyDeleteVery impressive and interesting blog found to be well written in a simple manner that everyone will understand and gain the enough knowledge from your blog being more informative is an added advantage for the users who are going through it. Once again nice blog keep it up.
ReplyDelete360DigiTMG Artificial Intelligence Course
I'd love to thank you for the efforts you've made in composing this post. I hope the same best work out of you later on too. I wished to thank you with this particular sites! Thank you for sharing. Fantastic sites!
ReplyDelete360DigiTMG Data Science Course
This is a great post. This post gives a truly quality information. I am certainly going to look into it. Really very helpful tips are supplied here. Thank you so much. Keep up the great works
ReplyDelete360DigiTMG Data Science Training
Really nice and intriguing post. I was trying to find this sort of advice and appreciated reading this one. Keep posting. Thank you for sharing.
ReplyDelete360DigiTMG Data Science Training Institute in Bangalore
Pretty good post. I just stumbled upon your blog and wanted to say that I have really enjoyed reading your blog posts. Any way I'll be subscribing to your feed and I hope you post again soon. Big thanks for the useful info. hikedatabase.com/united-states/hiking-in-rhode-island/
ReplyDeleteHello there, I sign on to your new stuff like each week. Your humoristic style is clever, keep it up
ReplyDeletedata science courses in delhi
Please share more like that. Cheap CRM
ReplyDeleteVery good points you wrote here..Great stuff...I think you've made some truly interesting points.Keep up the good work.
ReplyDelete360digitmg
theplaynews
ReplyDeleteI will very much appreciate the writer's choice for choosing this excellent article suitable for my topic. Here is a detailed description of the topic of the article that helped me the most.
ReplyDeleteData Science Institute in Bangalore
I am delighted to discover this page. I must thank you for the time you devoted to this particularly fantastic reading !! I really liked each part very much and also bookmarked you to see new information on your site.
ReplyDeleteData Science Course in Pune
Now is the perfect time to plan for the future and now is the time to be happy. I have read this article and if I can I want to suggest some interesting things or suggestions to you. Perhaps you could write future articles that reference this article. I want to know more!
ReplyDeleteData Science Training in Pune
Woohoo! It is an amazing and useful article. I really like. It's so good and so amazing. I am amazed. I hope you will continue to do your job in this way in the future as well.
ReplyDeleteData Analytics Course in Bangalore
Really, this article is truly one of the best in article history. I am a collector of old "items" and sometimes read new items if I find them interesting. And this one that I found quite fascinating and should be part of my collection. Very good work!
ReplyDeleteDigital Marketing Course in Bangalore
Thanks, you for sharing this unique useful information content with us. Really awesome work. keep on blogging.
ReplyDeleteAWS Training in Hyderabad
AWS Course in Hyderabad
I just got to this amazing site not long ago. I was actually captured with the piece of resources you have got here. Big thumbs up for making such wonderful blog page!
ReplyDeletedata science training in malaysia
You have completed certain reliable points there. I did some research on the subject and found that almost everyone will agree with your blog.
ReplyDeleteData Analytics Course in Bangalore
Great Information sharing .. I am very happy to read this article .. thanks for giving us go through info.Fantastic nice. I appreciate this post.
ReplyDeletedata science training in malaysia
Very good message. I came across your blog and wanted to tell you that I really enjoyed reading your articles.
ReplyDeleteData Scientist Training and Placement Bangalore
Very good message. I came across your blog and wanted to tell you that I really enjoyed reading your articles.
ReplyDeleteData Science Course in Nashik
Well we really like to visit this site, many useful information we can get here.
ReplyDeletefull stack developer course
This is a wonderful article, Given so much info in it, These type of articles keeps the users interest in the website, and keep on sharing more ... good luck.
ReplyDeletedata science course in malaysia
It's like you've got the point right, but forgot to include your readers. Maybe you should think about it from different angles.
ReplyDeleteData Analytics Course in Nashik
I am another customer of this site so here I saw various articles and posts posted by this site,I curious more energy for some of them trust you will give more information further.
ReplyDelete360DigiTMG, the top-rated organisation among the most prestigious industries around the world, is an educational destination for those looking to pursue their dreams around the globe. The company is changing careers of many people through constant improvement, 360DigiTMG provides an outstanding learning experience and distinguishes itself from the pack. 360DigiTMG is a prominent global presence by offering world-class training. Its main office is in India and subsidiaries across Malaysia, USA, East Asia, Australia, Uk, Netherlands, and the Middle East.
ReplyDelete360DigiTMG is the most recommended Data Science course institute in Chennai. Get trained by top professionals from IIT, IIM and, ISB. Enroll now!
ReplyDeletebusiness analytics course in bhubaneswar