The food and beverage industry made up 44% of data breach investigations conducted by SpiderLabs in 2011. The report’s findings are based on more than 300 data breach investigations and 2,000 penetration tests performed last year by SpiderLabs.
“The food and beverage industry was the top target of our investigations. That may be surprising. Most people might think that banks and governments would be at the top of the list”, said Nicholas J. Percoco, head of SpiderLabs.
“The criminal element wants to turn their criminal activity into money as quickly as they can. They go after the food and beverage industry because it tends to have high transaction volume….The criminals have found that those organizations have a low barrier to entry from an infiltration standpoint. Once they are in the environment, the lack of security awareness within those organizations affords them almost unlimited amounts of time to aggregate that data. They are then able to exfiltrate that data out of the environment and use it for fraudulent activities”, Percoco told Infosecurity.
Criminals are able to stay undetected in the breached environment for an average of 173.5 days, he noted.
Trustwave also found that franchise and chain stores are the top targets primarily because franchises often use the same IT systems across stores. If a cybercriminal can compromise a system in one location, they likely can duplicate the attack in multiple locations. More than one-third of 2011 investigations occurred in a franchise business, and this number is expected to rise in 2012.
According to the report, customer records remain a valuable target for attackers, making up 89% of breached data investigated. While trade secrets or intellectual property followed at a distant 6%, highly targeted attacks designed to go after that type of data remain a growing concern.
In addition, SpiderLabs found that global businesses still allow employees and system administrators to use weak passwords. Analyzing the usage and weakness trends of more than two million business passwords, Trustwave found that the most common password used by global businesses is "Password1" as it satisfies the default Microsoft Active Directory complexity setting.
“One of the top problems from an infiltration standpoint is remote access. This is a often the result of weak passwords”, Percoco observed.
Self-detection of compromises decreased in 2011 and only 16% of victimized organizations were able to detect the breach themselves, the report found. The remaining 84% relied on information reported to them by an external entity: regulatory, law enforcement, or the public.