Contact Information: MEDIA CONTACT: Michelle Genser Trustwave +1 312 873 7288
Trustwave Releases 2010 Global Security Report
Finds Basic Security Threats Overlooked and Third Party Vendor Issues
| Source: Trustwave
CHICAGO, IL--(Marketwire - February 2, 2010) - Trustwave, the leading provider of on-demand
data security and payment card industry compliance management solutions to
businesses and organizations throughout the world, has released its 2010
Global Security Report. The report analyzes data gathered from nearly 1900
penetration tests and more than 200 security incident and compromise
investigations throughout 2009 and provides a business and technical impact
analysis. The report was compiled by SpiderLabs, the advanced security team
at Trustwave responsible for incident response and forensics, penetration
testing, application security and security research.
The most notable trend of 2009 was the continued existence of attack
vectors despite the security industry's awareness of the associated
vulnerabilities for a decade or more. Organizations large and small were
found to be moving forward with plans to implement new technology, while
leaving basic security threats overlooked in legacy environments and IT
systems.
A recent article in USA Today agrees with these findings, stating, "The
vast majority of organizations routinely fail to take simple defensive
measures, such as shoring up common website weaknesses or uniformly
enforcing the use of strong passwords."(1)
In a striking trend, the SpiderLabs team also found that third-party
vendors or their software was responsible for more than 81 percent of
investigations of a security incident or compromise. It was these third
parties that introduced many deficiencies exploited by the attacker, such
as default vendor-supplied passwords and insecure remote access
applications.
In addition to the analysis of breach investigations, SpiderLabs also
published technical information on the top vulnerabilities encountered
during the penetration tests performed. The most telling results were those
industries that requested penetration tests were the least compromised
sector. For example, technology and business services sector clients made
up 36.1 percent of the penetration tests performed in 2009, yet only 9
percent of compromise investigations. Conversely, hospitality and food and
beverage clients accounted for 7.6 percent of the penetration tests
performed, while this sector made up a stunning 51 percent of
investigations conducted by SpiderLabs.
"It's clear that organizations are managing current threats in a very
reactive manner, rather than proactively reviewing their entire security
posture and developing a plan that secures their data, systems and
facilities," says Robert J. McCullen, chairman and CEO of Trustwave. "This
report will provide companies throughout the world with the actionable
information on detecting the leading vulnerabilities and guidance on how to
mitigate those threats and secure their organization."
"The incidents we investigated showed that the hacking techniques used to
penetrate a system were trivial -- that is they are very simple attack
methods that have existed for many years," says Nicholas J. Percoco, senior
vice president and head of SpiderLabs. "Yet many of these organizations
never knew the vulnerabilities or the systems penetrated existed within
their environment. In 2010, organizations should adjust their security
plans and prioritize security risks before implementing a new strategic
initiative."
To download a copy of Trustwave's 2010 Global Security Report, please
visit: https://www.trustwave.com/whitePapers.php.
(1) "Cyberthieves find workplace networks are easy pickings," by Byron
Acohido, USA Today, October 9, 2009.