During 2012, nearly every industry, country and type of data was involved in a breach of some kind, reports Trustwave, a data security and PCI compliance firm, in its recently released Global Security Report 2013.
The findings are interesting, though not unexpected. Some of the key findings are below:
Businesses are embracing an outsourced IT operations model. In 63% of incident response investigations, a major component of IT support was outsourced to a third party. Outsourcing can help businesses gain effective, cost-friendly IT services; however, businesses need to understand the risk their vendors may introduce and proactively work to decrease that risk.
Businesses are slow to “self-detect” breach activity. The average time from initial breach to detection was 210 days, more than 35 days longer than in 2011. Most victim organizations (64%) took over 90 days to detect the intrusion, while 5% took three or more years to identify the criminal activity.
And finally, as expected, basic security measures are still not in place. “Password1” is still the most common password used by global businesses. Of three million user passwords analyzed, 50% of users are using the bare minimum.