Trustwave has published its Global Security Report 2011 and it has some very interesting research.
The research is drawn from incidents investigated by the company. Specifically, of a total of 220 investigations undertaken against suspected breaches, 85% were confirmed, with 90% resulting in data theft.
The headline statistics are:
Industry breakdown of where the incident happened
- Food and beverage 57%
- Retail 18%
- Hospitality 10%
- Government 6%
- Financial 6%
- Education 1%
- Entertainment 1%
- Construction 1%
Types of Data stolen
- Payment Card Data 87%
- Sensitive company data 8%
- Trade Secrets 3%
- Authentication Credential 2%
- Customer records 2%
It could be because Trustwave is a Payment Card Industry Forensics and Incident Investigator, or it is further proof, if we needed it, that the bad guys are after the money.
Who found out that there had been an incident?
- Regulatory detection 60%
- Self detection 20%
- Public detection 13%
- Law enforcement 7%
Is it any wonder that the credit card issuers are strictly enforcing Payment Card Industry Data Security Standards (PCI DSS) when merchants find only 1 in 5 Account Data Compromises (ADC), also known as breaches?
Previous research found that the majority of cards are used in multiple frauds.
Merchants come out on top in the time to detect a breach
- Regulatory detection 156.5 days
- Public detection 87.5 days
- Law enforcement 51.5 days
- Self detection 28 days
This is interesting: 1 in 5 breaches were found first by a merchant, which means the majority of breaches take over 100 days to be discovered.
Trustwave www.trustwave.com