Many organizations are getting better at cyber intrusion detection, according to a new report from Trustwave, the Chicago-based MSSP.
The "2017 Trustwave Global Security Report" of cybercrime, data breach and security threat trends from 2016 indicated the median number of days from cyber intrusion to detection of a compromise fell from 80.5 in 2015 to 49 last year.
In addition, the median number of days from cyber intrusion detection to containment was 2.5 in 2016, according to the report.
North America, Retail Lead in Data Breaches
In the report, 49 percent of data breaches investigated by Trustwave took place in North America, the company noted.
Furthermore, 21 percent of reported data breaches were in the Asia-Pacific region, 20 percent occurred in Europe, the Middle East and Africa and 10 percent took place in Latin America, Trustwave said in a prepared statement.
The report also indicated the largest single share of data breaches involved the retail industry (22 percent), followed by the food and beverage sector (20 percent).
Malware Dominates in 2016
Thirty-five percent of spam messages evaluated by Trustwave contained malware last year, and 60 percent of all inbound email examined by Trustwave was spam, according to the report.
Meanwhile, 83 percent of malware samples examined by Trustwave used obfuscation, and 36 percent used encryption, the report revealed.
Malicious advertising represents the number one source of traffic to exploit kit landing pages, Trustwave indicated.
The estimated cost for cybercriminals to infect 1,000 vulnerable computers with malvertisements was only $5 – or less than $.01 per vulnerable machine, Trustwave stated in its report.
How to Stop Data Breaches
Trustwave recommended organizations focus on the following areas to stop data breaches:
- Firewall Configuration: Limit inbound and outbound access to a network.
- Passwords: Establish complex password requirements for all personal computers, servers, firewalls, routers and other network devices.
- System Configuration: Create system guidelines to identify and address known vulnerabilities and threats.
- Remote Access Solution: Require two-factor authentication for all remote access into an environment.
- Malware Removal: Update antivirus software regularly.
- Logging and Monitoring: Review daily logs across all devices and retain logs for at least 90 days.
- Patch Management: Deploy vendor-released security patches consistently and ensure all applications are up to date.
- External and Internal Scanning: Perform regular external and internal scanning to detect and resolve vulnerabilities.
- Policy and Procedures: Provide annual security training to employees.
Cybercrime is becoming a "genuine business," Trustwave CEO Robert McCullen said in a prepared statement.
As such, organizations must focus on threat detection and response, security scanning and testing and cloud security services to protect themselves against rapidly evolving cyber threats, McCullen stated.