The retail sector saw a significant increase in cyber-attacks over the past 12 months with the average time it took to detect an attack rising to a worrying 210 days.
According to security company Trustwave, which has just publiched its 2013 Global Security Report, the retail space saw an 15 percent increase in attacks during 2012, which was matched by a 17 percent drop in the breaches of food and beverage companies, which occupied the number two spot.
According to the report it took on average five weeks longer to spot a cyber-attack in 2012 than it did in 2011, indicating that cyber-criminals are becoming more sophisticated in their attack methods while security vendors, individuals and enterprises are failing to keep pace with the developments in this area.
The research is based on 450 investigations carried out by Trustwave during 2012, along with 2,500 penetration test the company carried out for companies around the world.
Trustwave identified Romania as the centre of global cyber-crime with 34.4 percent of all attacks originating in the eastern European country. The US was the most targeted country with 73 percent of all investigations taking place there.
As was the case in 2011 cardholder data was the most targeted information, mainly due to the well-established black market for this type of information. This was the main reason that Retail, Food and Beverage and Hospitality were the top three targets in 2012, as all deal with huge volumes of valuable information.
Trustwave said there is still a perception among these companies that they are not a target, with the question "Why me?" raised in just about every single investigation carried out.
One of the new trends which emerged in 2012 was the failure of third parties when it came to security. The blame for almost two-thirds of all the attacks investigated fell at the feet of third-parties which had been employed to handle some part of the system, whether it was support, development, and/or maintenance.
Outsourcing IT support is widespread among many small businesses/franchises in the retail and food and beverage sectors, and it is clear from this report that there is insufficient due diligence done by the companies when employing these third parties.
Another worrying trend with emerged in 2012 was the fact that less than a quarter of all intrusions were detected by the companies themselves. The majority (48 percent) of detection was done by regulatory bodies, with law enforcement making up another 25 percent.
The reason for the failure of companies to identify attacks relates to the fact that over the past two years attacks have grown significantly in complexity making most "off the shelf" detection solutions such as anti-virus software redundant.
The result of this failure to spot that someone is targeting you is the increasing length of time it is taking for companies to identify the problem.
To contact the editor, e-mail: