In its 2014 Global Security Report, information security specialist Trustwave estimates that investigations into security breaches increased by 53,6% last year compared to 2012. The data was gathered from 24 countries.
Trustwave Africa director Andrew Kirkland says many organisations don’t have the skills to address information security adequately, and many businesses simply don’t take security seriously enough.
The 2014 Global Security Report says 45% of all data theft incidents in 2013 involved non-payment card data, although payment card data still tops the list of data compromised. Non-payment card data includes financial credentials, personally identifiable information and other customer and personal records.
The report also indicates that there has been a 33% increase in the theft of sensitive and confidential data.
“The landscape for criminals is broadening. This does not mean that the theft of credit card information is decreasing, it just means that criminals are now looking at other options — and their options are growing,” Kirkland says.
The delivery method for most security breaches still involves criminals using e-mail to gain access. According to the 2014 Global Security Report, 59% of malicious spam used attachments infused with malware, while 41% used malicious links.
Criminals relied heavily on Java applets, with 78% of exploits detected taking advantage of vulnerabilities in Java. Spam made up 70% of inbound mail, although malicious spam fell by five percentage points in 2013, according to Trustwave’s report. The top three spam malware subject lines were “Some important information is missing”, “Bank Statement. Please read”, and “Important — payment overdue”.
The report says weak passwords opened the door for the initial intrusion in 31% of compromises investigated by Trustwave in 2013.
Kirkland says that in South Africa, there isn’t much information about data breaches in the payment card space or other sensitive data being stolen because South African law does not make it mandatory for companies to divulge such information. “South African companies still try to protect their reputations by keeping such information to themselves.”
But Kirkland says breaches are commonplace in South Africa, who says the African continent more broadly is vulnerable. “We are a target because we are seen as an emerging market. Africa is playing catch up all the time, including when it comes to matters related to security.” — © 2014 NewsCentral Media