The retail industry had been the top industry target of cybercriminals in 2012, because of the lure of the large number of customer records especially payment card data.
According to Trustwave's 2013 Global Security Report, released Tuesday, the retail sector had made up 45 percent--higher by 15 percentage points from the previous year. This was the highest among the industries investigated by the security vendor, clearing the "misconception" these organizations were not a prime target.
This is followed by the food and beverage industry at 24 percent, hospitality sector at 9 percent, financial services at 7 percent and non-profit organizations at 3 percent.
Retail was the largest hit due to the massive amount of payment cards used in these industries, making them obvious targets, the report noted. The majority of data targeted by cybercriminals, 96 percent, also came from customer records such as payment card data, personal identifiable information (PII) and e-mail addresses.
There is also a well-established underground marketplace for stolen payment card data, where cybercriminals buy and sell quickly for use in fraudulent transactions. With a large number of merchants accepting payment cards and many attack vectors, it is unlikely the market will change anytime soon.
First cloud-based services compromised in APAC
Within Asia-Pacific, the first instances of merchants compromised by using cloud-based services had also been sighted.
The security vendor noted investigating cloud-related compromises had been difficult due to the cloud service provider's terms of service. As a result, merchants had to rely on internal investigations performed by the service provider on their own infrastructure.
For example, a merchant which Trustwave worked with was convinced it suffered a credit card related compromise but the cloud service provider insisted otherwise. This led to a stalemate and loss of trust. If the service provider had been able to confirm a compromise and resolve it, the merchant would have been able to confidently continue operations.
Moving forward, compromises of cloud-based services will become more common as organizations continue to rely on cloud. "Organizations must ensure they are satisfied with the service provider's information security approach and their contrctual terms regarding incident responses," the report said.
Enterprises slow to "self-detection"
It was also found many businesses were slow to detect breach activities in 2012, as the average breach time to detect was 210 days, more than 35 days longer than in 2011.
64 percent of organizations also took more than 90 days to detect an intrusion while 5 percent took three or more years to identify any criminal activities.
In addition, majority of breach detections were found by regulators and law enforcers at 48 percent and 25 percent respectively. Only 24 percent of organizations managed to detect the breach on their own.