Trustwave — a cybercrime-fighting business that recently endorsed the use of a personal VPN on Chicago’s ABC7 — has lots of insights in its new 2014 Trustwave Global Security Report.
We are always excited to read new reports on issues relating to identity theft, and they are of special interest to us here at the ITRC. These reports help us to understand what the people who call our victim assistance center may be experiencing and improve our ability to help them.
In addition, we are able to further refine our recommendations of best practices for businesses in order to help them avoid a data breach. This year, the report analyzed 691 data breach investigations to see how information was being stolen, what kind of information was being stolen, and who the information was being stolen from.
Here are three things we thought were key points in the 2014 Trustwave Global Security Report:
- Payment card data is still the top target for criminals: Most of the very large breaches we have seen lately are ones in which card data is targeted. This is important to note because dealing with a data breach in which card data is lost is much easier than if sensitive personal identifying information is exposed during a breach. When card data is exposed and used fraudulently, a consumer can report the activity, and have a new card issued. If their Social Security number or sensitive financial information is used by a criminal, the mitigation process is going to be much more difficult, and perhaps even a lifelong battle. However, the report does state that while payment card data still held on to the number one spot as a target of criminals, 45% of data theft involved other types of information including this very sensitive information.
- Institutions where a data breach was discovered internally rather than externally took much less time to remedy: The report states that 71% of victims did not detect breaches themselves. These organizations were made aware of the incident by a customer, regulators, or financial institutions. Those organizations that did detect the intrusion themselves took a median of one day to contain the breach, while those that had to be notified by outside sources took a median of two weeks to contain it. Considering the time, money, and damage to reputation, the less time spent on containing a breach, the better. Therefore, companies should be constantly searching for intrusions into their systems and pen testing to make sure they are on top of any data breaches.
- Insufficient passwords are the leading vulnerability to information databases: We have said it before and it looks like we will keep saying it: passwords are very important! According to the Trustwave report, weak passwords contributed to 31% of intrusions. Think about that: one-third of data breaches occurred from something totally preventable! Companies using weak passwords, or default passwords, are opening themselves up to serious vulnerability. Passwords should be long and strong, and companies should employ multi-factor authentication whenever possible.
This information is incredibly helpful to anyone who wants to protect themselves or their company from a data breach. It tells us what the criminals are doing and how they are doing it, which in turn helps us to take better preventative measures against data breaches.
With a new data breach hitting the news daily, it seems, this information could not be more important. We hope everyone will take a look at the report and learn how to better protect themselves.
Editor’s note: Watch the full video below to hear the Trustwave team discuss the risks of public WiFi.