2013 Global Security Report by Trustwave
Top 5 Compromised Industries
1 Retail and 2 Food & Beverage
The retail space saw a 15% increase in 2012 compared to 2011, nearly equal to the 17% drop in Food & Beverage breaches. Over the past three years, these two have been almost interchangeable, with similar network layouts due to the payment systems and software vendors used. In these industries, security often becomes an afterthought until a breach is identified.
3 Hospitality
Three years ago, Hospitality was hardest hit by far. This industry has made significant strides to resolve data security issues. The majority of Hospitality breaches this year were actually at Food & Beverage locations within the building and not necessarily in the Hospitality Management System (HMS). The reason for this is twofold: the Food & Beverage systems are usually easier to compromise, and more payment cards are used in these establishments (as the HMS is limited to the guests staying at that hotel). This is not to say that an HMS is more secure than Food & Beverage systems. A successful HMS breach may include data from an “interface” server that combines the HMS with the hotel’s Food & Beverage and Retail locations (e.g., gift shop), harvesting significantly more data.
4 Financial Services
A small increase for Financial Services highlights the fact that attackers are continuing to look at central aggregation points like payment processors and merchant banks as viable targets. The Payment Card Industry Data Security Standard (PCI DSS) has made comprehensive security controls more commonplace in larger organizations. Therefore, the organizations become more difficult to compromise. This by no means indicates that attackers have given up on these high-dollar targets, simply that they are better defended, presenting a bigger challenge to would-be intruders. The logical progression for attackers will be to hit the next stop in the payment card industry (PCI) flow: the banks. If attackers are able to breach financial institutions such as payment gateways or merchant processors, the payoff would be huge.
5 Nonprofit
The increase in attacks on Nonprofit has several potential causes. Attacks could be based on beliefs (personal, religious or political), or they could simply be financial targets, considering that many of these organizations typically do not have the funds to spend on security.