2012 Trustwave Incident Response Investigations

  • 789 views
Uploaded on

View top-level charts from the Trustwave 2012 Global Security Report, covering targets such as industries and types of data; how attacks were initially detected; and geographical origins of attacks.

View top-level charts from the Trustwave 2012 Global Security Report, covering targets such as industries and types of data; how attacks were initially detected; and geographical origins of attacks.

More in: Real Estate , Technology
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads

Views

Total Views
789
On Slideshare
0
From Embeds
0
Number of Embeds
2

Actions

Shares
Downloads
13
Comments
0
Likes
0

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. Trustwave 2012 Global Security ReportKey Data from Incident Response Investigations Presented by: Trustwave © 2012
  • 2. Industries & Data TargetedFood & Beverage and Retailindustries continue tobe major focus ofcriminal groups: • 77% (2010: 75%) 2 © 2012
  • 3. Industries & Data TargetedCustomer Records are the data attackers targetmost, specifically payment card data: • 89% (2010: 89%) 3 © 2012
  • 4. Assets TargetedAssets attackers went after: • 75% Software POS terminals (2010: 75%) • 20% E-commerce (2010: 9%) 4 © 2012
  • 5. System Admin Responsibility 75% of cases: a third party was responsible for a major component of system admin (2010: 88%) What you can do? • Contractually build in security requirements • Impose your policies and procedures on third parties (e.g., password policies) 5 © 2012
  • 6. Detection MethodSelf-Detection is vitalto stop attackers earlyin their efforts • 16% (2010: 20%)Law Enforcementincreased their efforts • 33% (2010: 7%)Reliance on externaldetection increasesthe attack window • 173.5 days vs. 43 days 6 © 2012
  • 7. Attack Timeline • 2011 cases spanned approximately 44 months • 35.8% had an initial attack entry within Q3 2010 7 © 2012
  • 8. Origin of Attack32.5% Unknown (2010: 24%)29.6% Russia (2010: 32%)10.5% USA (2010: 6%)Caveats • Easy to ‘fake’ origin – Anon proxies (like Tor) – Route via hacked systemsChallenges • Cross border LE • Do attackers need to hide? 8 © 2012
  • 9. About theTrustwave 2012 Global Security Report • Results from more than 300 incident response and forensic investigations performed in 18 countries. • Research analysis performed on data collected from SpiderLabs engagements combined with Trustwave’s Managed Security Service and SSL offerings. • Analysis from more than 2,000 manual penetration tests and 2 million network and application vulnerability scans. • Review of more than 25 different anti-virus vendors. • Trends from 16 billion emails collected from 2008- 2011. • Review of 300 publically disclosed Web-based breaches from 2011. • Usage and weakness trends of more then 2 million real-world passwords from corporate information systems. 9 © 2012
  • 10. Download the Reportwww.trustwave.com/gsr 10 © 2012