The United States led the world in retail data breaches during 2016, according to the new 2017 Trustwave Global Security Report.
According to the report, 49% of data breaches investigated by Trustwave were in North America, while 21% were in Asia-Pacific, 20% in Europe, Middle East and Africa, and 10% in Latin America. The largest single share of incidents involved the retail industry, at 22%, followed closely by the food and beverage industry, at nearly 20%.
The report was compiled from real-world data gathered from hundreds of breach investigations Trustwave conducted in 2016 across 21 countries and demonstrates both good and bad news in the world of cybersecurity.
Unsurprisingly, the boom in retail breaches was accompanied by increased targeting of Point-of-Sale (POS) systems: incidents affecting POS systems increased to 31% in 2016, from 22% in 2015, and were most common in North America, according to the Trustwave report. This is due in large part to the US’s hesitancy to adopt the EMV payment card standard, says Trustwave.
More than half of the incidents investigated targeted payment card data: card track (also called magnetic stripe) data, at 33% of incidents, primarily came from POS environments. Card-not-present (CNP) data, at 30%, mostly came from e-commerce transactions. Financial credentials, including account names and passwords for banks and other financial institutions, accounted for 18% of incidents, followed by other targets.
The report wasn’t all bad news, though. Trustwave found that the median number of days from an intrusion to detection of a compromise decreased to 49 days in 2016 from 80.5 days in 2015, with values ranging from zero days to almost 2,000 days (more than five years). For internally detected incidents the median was 16 days, while 65 was the median number of days for externally detected incidents.
On top of that, once they’ve been detected, breaches are being contained rather quickly, says Trustwave. The median number of days from detection to containment was 2.5 in 2016, with values ranging from −360 days, meaning the intrusion ended 360 days before detection, to 289 days. In cases where containment occurred after detection, the median duration was 13 days from detection to containment.
“Cybersecurity in 2016 had both highlights and lowlights. As our data breach investigations and threat intelligence show, attackers continue to evolve their tactics and focus on extreme paydays as cybercrime becomes more like genuine businesses. Meanwhile, security skills and talent remain scarce,” said Trustwave CEO Robert J. McCullen.
“As an industry, we must continue to focus on key areas like threat detection and response, security scanning and testing and cloud security services that provide meaningful layers of protection from constantly evolving threats.”