Food and beverage industry tops Trustwave list of industry data breaches

Coming in second was the retail industry, with 18% of breaches in 2010; third was hospitality, with 10%; government, with 6%; and financial, 6%, according to the report.

The top three targets of attacks are payment card data, which made up 85% of the cases; sensitive company data, with 8%; and trade secrets with 3%.

“Payment card data has the greatest value for the criminals; they can take data off those systems and then manufacture counterfeit credit cards and sell them on the street…We also saw a jump in attacks targeting sensitive company data and trade secrets data”, said Nicholas Percoco, head of Trustwave’s SpiderLabs, which conducted the study.

The report also found that third-party vendors continue to put companies at risk, with 88% of breaches resulting from insecure software code or lax security practices in the management of third-party technology.

In addition, the company judged that a single organized crime syndicate may be responsible for more than 30% of all 2010 data breaches.

SpiderLabs judged that client-side attacks, mobile attacks, and social network attacks will pose the biggest threats in the years ahead.

“An attacker wants to get access to the end user, whether it’s a mobile device, laptop, or corporate workstation….Attackers are targeting flaws in document readers, video players, and web browsers….It’s a real good method for getting access to end users”, Percoco told Infosecurity.

SpiderLabs warned that mobile devices offer cybercriminals an open door to corporate authentication credentials, sensitive data, and trade secrets.

The year “2010 was when mobile attacks really took off….We feel that this is something that is really going to ramp up in the next five to ten years. Mobile attacks are going to be just as prolific as PC attacks have been”, Percoco predicted.

The social networking boom has created the “perfect storm” for the attackers, Percoco said. “Most people are connected to one of the social networks. If you are an attacker, it’s not too difficult to pull off a target attack using social media”, he added.

What’s hot on Infosecurity Magazine?