Friday, March 29, 2024

Hackers Find Fertile Ground in North America and in Stores, Trustwave Reports

By Jim Daly
@DTPaymentNews

North America remains by far the source of most data breaches investigated by Trustwave Holdings Inc., a big security-services and technology provider that operates worldwide, and the retail industry takes the lead in breaches despite the coming of EMV chip card payments to the U.S.

Those are two of many findings from Chicago-based Trustwave’s newly released 2017 Global Security Report. Trustwave compiled the 92-page report from “hundreds” of data-security incidents it investigated last year in 21 countries. The company would not release the exact number.

Some 49% of Trustwave-investigated data compromises occurred in North America, far more than No. 2 region Asia-Pacific, at 21%. A close third was Europe-Middle East-Africa at 20%, followed by Latin America and the Caribbean, 10%.

By industries compromised, retailers led the pack at 22% of incidents investigated, followed by the food-and-beverage industry at 20%, the finance and insurance sector at 14%, and hospitality, 12%. All other industries scored in the single digits.

And by environment, compromises of corporate and internal networks accounted for 43% of Trustwave’s 2016 investigations, up from 40% in 2015, while point-of-sale incidents jumped to 31% from 22% the year before. E-commerce incidents fell to 26% from 38% in 2015.

“Incidents involving point-of-sale systems were most common in North America, which has been slow to adopt the Europay, MasterCard and Visa (EMV) chip standard for payment cards,” the report says. Citing Visa Inc. data, Trustwave noted that only 38% of U.S. storefronts could process EMV chip card transactions as of last November.

More than half the incidents Trustwave investigated targeted payment card data. They included magnetic-stripe data, also known as track data, at 33% of incidents, most from POS environments, and card-not-present data, mostly from e-commerce transactions, at 30%. Financial credentials such as user names and passwords for banks and other institutions accounted for 18%.

“As our data-breach investigations and threat intelligence show, attackers continue to evolve their tactics and focus on extreme paydays as cybercrime becomes more like genuine businesses,” Trustwave president and chief executive Robert J. McCullen said in a news release. “Meanwhile security skills and talent remain scarce. As an industry, we must continue to focus on key areas like threat detection and response, security scanning and testing, and cloud security services that provide meaningful layers of protection from constantly evolving threats.”

Regarding malicious software, Trustwave estimated that the cost to infect 1,000 computers with so-called malvertisements—online ads that can plant malware—was only $5, or less than 1 cent per machine, in 2016. Some 83% of malware samples Trustwave examined used obfuscation—techniques to disguise the software—while 36% used encryption.

Meanwhile, vendors patched 170 vulnerabilities in the most common database products last year, up from 139 in 2015, Trustwave said.
