Five months to detect a breach
When it comes to cyber attacks and breaches, the hospitality industry has been the most heavily targeted industry in 2009.
This surprising information is among the findings contained in Trustwave’s Global Security Report 2010 that Nicholas Percoco, a security auditor, data breach investigator and Senior Vice President of SpiderLabs, will be presenting today at the Black Hat DC security conference.
The report is based on the analysis of data gathered from more than 1800 penetration tests and in excess of 200 security incident and compromise investigations performed by Trustwave over the past year, and according to it, hotels and resorts have been the unexpected “losers” in the yearly security battle against cyber criminals.
Why is that? Well, one of the reasons was definitely the small amount of breaches in that industry in 2008. These companies have weaker security in place precisely because they haven’t needed it that much in the past.
But in 2009 cyber criminals have discovered that fact, and they also saw that there is a lot of credit card information floating around those systems – and took advantage of it. Just think back of the Radisson data breach, and consider the fact that it has some 400 franchised locations. All those guests, all those credit card numbers-¦ Like honey to a bear.
According to Forbes, the report reveals that Trustwave was called to carry out an investigation after the breach in over 70 companies in that industry. Compared to the relatively small amount of publicly reported incidents, it is plain to see that the great majority of breached companies still prefers to keep such incidents under wraps.
Following the hotel industry (that accounted for 38 percent of the analyzed breaches) are companies offering financial services, with 19 percent of the total amount of incidents. They have obviously learned their lesson – not difficult to do if you were the previous “flavor of the year”. Third place went to the food and beverage companies, that accounted for 13% of the breaches.
Some other interesting findings include:
- Average time between the breach and the detection of it: 156 days
- In more that 4 out of 5 breaches, data was stolen from the computers used to perform the transactions – not the servers where the data was stored
- There is a high incidence of cyber criminals using old methods and vulnerabilities to get inside the system.