Most security solutions providers are rushing to release their 2013 threat reports and Trustwave is among them. The company has released its 2013 Trustwave Global Security Report, which highlights the trends from the analysis of over 450 data breaches.
In addition to the data breaches, the study is also based on more than 2,500 penetration tests, 2 million network and vulnerability scans, 9 million web application attacks, 5 million malicious websites, 20 billion emails, and several zero-day exploits.
The figures reveal that applications have become the most popular attack vector, with e-commerce sites being the number one targeted assets.
Worryingly, in 64% of cases, it took attacked organizations more than 90 days to detect an intrusion. The average time for detection was 210 days, which is 35 days longer than it did in 2011.
Weak passwords, clicking on malicious links and other risky employee behavior leave the door open for further attacks, the study has found.
Of all the intrusion methods identified in 2012, SQL Injection and remote access were the most prevalent, accounting for 73% of infiltration methods.
Cyberattacks were discovered in 29 countries, but curiously, the largest percentage (34.4%) of them originated in Romania.
When it comes to malware, 40 variations of malware have been found in the 450 cases investigated by Trustwave. It’s believed that 6 criminal groups are responsible for developing them.
And since we’re talking about malware, it appears the US and Russia are the largest contributors to malware attacks.
“Cybercriminals will never stop trying to compromise systems to obtain valuable information such as customer and private user data, corporate trade secrets and payment card information,” explained Robert McCullen, CEO, chairman and president of Trustwave.
“This year’s Global Security Report pulls back the curtain revealing how breaches happen and how potential victims around the world can protect themselves so that they stay one step ahead and eliminate potential security threats.”
The complete report will be made available before the RSA Conference in San Francisco. Users who want to receive a complimentary copy can sign up for one here.