Trustwave Weighs In on Self-Detected, SSL/TLS Vulnerabilities

Trustwave Weighs In on Self-Detected, SSL/TLS Vulnerabilities

by Sean Michael Kerner

Compromises Vary by Industry

How IT environments are compromised varies across the industry segments. In retail, 27 percent of compromises came from POS breaches, while in the food and beverage space, POS accounted for 95 percent of breaches.

Weak Passwords Pose Major Risks

The contributing factors across different types of compromises also vary. Weak passwords contributed to 50 percent of POS breaches and 8 percent of e-commerce breaches.

Third Parties Report Most Breaches

In 2014, organizations self-detected only 19 percent of breaches. In contrast, 58 percent were first detected by credit card brands, regulatory bodies or merchant banks.

Self-Detected Intrusions Detected Faster

For breaches third parties found, it took an average of 108 days in 2014 before security intrusions were detected. Self-detected breaches were found significantly faster, in only 10 days on average in 2014.

Most Frequently Detected Vulnerabilities Not New

One of the mostly frequently detected vulnerabilities Trustwave analyzed is CVE-2011-3389, an SSL vulnerability first reported back in 2011.

Adobe Flash Is the Top Exploited Application

Adobe Flash tops Trustwave’s list as the most exploited application Trustwave observed in 2014.

Spam Volume Continues to Decline

Trustwave’s analysis shows a continued decline in spam volumes since the 2008 high of 92.6 percent, down to 59.7 percent in 2014.

Health Care: The Leading Spam Category

Health care-related spam is the leading category of spam, at 72.4 percent in 2014, up from 55.4 percent in 2013.