The latest Trustwave Global Security Report has confirmed that cybercriminals targeted the retail sector in greater numbers than ever before in 2012, in news that may be of interest to any organisation concerned about ongoing vulnerability management.
Of all the cyber security incidents investigated by Trustwave last year, 45 per cent were in the retail industry – an increase of 15 per cent over the number reported in 2011.
Meanwhile, 24 per cent of incidents were found to be in the food and beverage industry, while nine per cent were in the hospitality sector.
The financial services industry was the next most commonly targeted, with seven per cent of all reported incidents, while non-profit organisations rounded out the top five with three per cent of incidents coming from this sector.
In news that highlights the importance of Payment Card Industry Data Security Standard (PCI DSS) adherence, a massive 96 per cent of data targeted by cybercriminals in 2012 was customer records such as credit and debit card data.
The Trustwave report also revealed alarming news surrounding the length of time it takes an organisation impacted by a cyber security breach to even detect what has happened.
The average time it took an organisation to determine a data breach had occurred in 2012 was 210 days – around seven months in total – more than a month longer than it took affected enterprises to detect unauthorised access in 2011.
Shockingly, around 14 per cent of cyber attacks are not even detected until up to two years after the incident actually occurred, according to Trustwave.
That news highlights just how important regular and thorough security audit evaluations are, as the consequences of a data breach can affect an organisation for many months after the fact.
Trustwave chief executive officer Robert J. McCullen has noted that developers need to take responsibility for ensuring that they are prepared to combat and deal with cyber security incidents – and his words should serve as a stark reminder for any Australian-based organisation which may not be fully mitigating the risk of a data breach.
"Businesses should take a step back and re-evaluate their security posture," said Mr McCullen, as reported by Info Security Magazine in an article published February 12.
"All developers, particularly in the e-commerce industry, should implement a full lifecycle security plan that includes thoroughly educating themselves and their employees, equipping themselves with the best tools to protect themselves against attacks and making sure they are using the most reliable resources for zero day detection."