3 Key Insights from the 2014 Trustwave Global Security Report


Trustwave — a cybercrime-fighting business that recently endorsed the use of a personal VPN on Chicago’s ABC7 — has lots of insights in its new 2014 Trustwave Global Security Report.

We are always excited to read new reports on issues relating to identity theft, but it is of special interest to us here at the ITRC. These reports help us to understand what the people who call our victim assistance center may be experiencing and improve our ability to help them.

In addition, we are able to further refine our recommendations of best practices for businesses in order to help them avoid a data breach. This year, the report analyzed 691 data breach investigations to see how information was being stolen, what kind of information was being stolen, and who the information was being stolen from.

Here are three things we thought were key points in the 2014 Trustwave Global Security Report:

  • Payment card data is still the top target for criminals: Most of the very large breaches we have seen lately are ones in which card data is targeted. This is important to note because dealing with a data breach in which card data is lost is much easier than if sensitive personal identifying information is exposed during a breach. When card data is exposed and used fraudulently, a consumer can report the activity, and have a new card issued. If their Social Security number or sensitive financial information is used by a criminal, the mitigation process is going to be much more difficult, and perhaps even a lifelong battle. However, the report does state that while payment card data still held on to the number one spot as a target of criminals, 45% of data theft involved other types of information including this very sensitive information.
  • Institutions where a data breach was discovered internally rather than externally took much less time to remedy: The report states that 71% of victims did not detect breaches themselves. These organizations were either made aware of the incident by a customer, regulators, or financial institutions. Those organizations that did detect the intrusion themselves had a median rate of one day to contain the breach, while those who had to be notified by outside sources had a median rate of two weeks to contain it. Considering the time, money, and damage to reputation, the less time spent on containing a breach, the better. Therefore, companies should be constantly searching for intrusions into their systems and pen testing to make sure they are on top of any data breaches.
  • Insufficient passwords are the leading vulnerability to information databases: We have said it before and it looks like we will keep saying it: passwords are very important! According to the Trustwave report, weak passwords contributed to 31% of intrusions. Think about that: one-third of data breaches occurred from something totally preventable! Companies using weak passwords, or default passwords, are opening themselves up to serious vulnerability. Passwords should be long and strong and companies should employ multi-factor authentication whenever possible.

This information is incredibly helpful to anyone who wants to protect themselves or their company from a data breach. It tells us what the criminals are doing and how they are doing it, which in turn helps us to take better preventative measures against data breaches.

With a new data breach hitting the news daily, it seems, this information could not be more important. We hope everyone will take a look at the report and learn how to better protect themselves.

Editor’s note: Watch the full video below to hear the Trustwave team discuss the risks of public WiFi.

Get Private Wifi   Protect your personal information.
Get DataCompress   Cut your mobile data usage.

Eva Velasquez

Eva Velasquez is the President/CEO at the Identity Theft Resource Center, a non-profit organization which serves victims of identity theft. Velasquez previously served as the Vice President of Operations for the San Diego Better Business Bureau and spent 21 years at the San Diego District Attorney’s Office. Eva has a passion for consumer protection and privacy issues and is constantly striving to educate the public about these important topics. She is recognized as a nationwide expert on identity theft and has recently been featured on the Ricki Lake show and MORE magazine, as well as numerous other outlets.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.