Trustwave's 2024 Retail Report Series Highlights Alarming E-Commerce Threats and Growing Fraud Against Retailers. Learn More

Trustwave's 2024 Retail Report Series Highlights Alarming E-Commerce Threats and Growing Fraud Against Retailers. Learn More

Services
Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

Database Security

Prevent unauthorized access and exceed compliance requirements.

Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Solutions
BY TOPIC
Microsoft Security
Unlock the full power of Microsoft Security
Offensive Security
Solutions to maximize your security ROI
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Partners
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats
News Releases

New Trustwave Report Reveals Criminals Receive 1,425 Percent Return on Investment from Malware Attacks

2015 Trustwave Global Security Report Details How Criminals Get Inside, Most Targeted Victims, Top Assets Compromised and More

CHICAGO - June 9, 2015 -- Trustwave® today released the 2015 Trustwave Global Security Report which reveals the top cybercrime, data breach and security threat trends from 2014. The report discloses how much criminals can profit from malware attacks, which data they target, how they get inside, how long it takes for businesses to detect and contain data breaches, what types of businesses criminals are targeting and where the majority of victims are located. It also reveals the most commonly used exploits, most prevalent malware families and more.

Trustwave experts gathered the data from 574 breach investigations the company's SpiderLabs® team conducted in 2014 across 15 countries in addition to proprietary threat intelligence gleaned from the company's five global Security Operations Centers, security scanning and penetration testing results, telemetry from security technologies distributed across the globe and industry-leading security research.

2015 Trustwave Global Security Report: Key Highlights

  • Return on investment: Attackers receive an estimated 1,425 percent return on investment for exploit kit and ransomware schemes ($84,100 net revenue for each $5,900 investment)
  •  Weak application security: 98 percent of applications tested by Trustwave in 2014 had at least one vulnerability. The maximum number of vulnerabilities Trustwave experts found in a single application was 747. The median number of vulnerabilities per application increased 43 percent in 2014 from the previous year.
  • The password problem: "Password1" was still the most commonly used password. 39 percent of passwords were eight characters long. The estimated time it took Trustwave security testers to crack an eight-character password was one day. The estimated time it takes to crack a ten-character password is 591 days.
  • Where victims reside: Half of the compromises Trustwave investigated occurred in the United States (a nine percentage point decrease from 2013).
  • Who criminals target: Retail was the most compromised industry making up 43 percent of Trustwave's investigations followed by food and beverage (13 percent) and hospitality (12 percent).
  • Top assets compromised:  42 percent of investigations were of e-commerce breaches. Forty percent were of point-of-sale (POS) breaches. POS compromises increased seven percentage points from 2013 to 2014, making up 33 percent of Trustwave's investigations in 2013 and 40 percent in 2014. E-commerce compromises decreased 13 percentage points from 2013 to 2014.
  • Data most targeted: In 31 percent of cases Trustwave investigators found attackers targeted payment card track data (up 12 percentage points over 2013). Track data is the information on the back of a payment card that's needed for an in-person transaction. Twenty percent of the time attackers sought either financial credentials or proprietary information (compared to 45 percent in 2013) meaning attackers shifted their focus back to payment card data.
  • Lack of self-detection: The majority of victims, 81 percent, did not detect breaches themselves. The report reveals that self-detection leads to quicker containment of a breach. In 2014, for self-detected breaches, a median of 14.5 days elapsed from intrusion to containment. For breaches detected by an external party, a median of 154 days elapsed from intrusion to containment.
  • How criminals break in: Weak remote access security and weak passwords tied as the vulnerability most exploited by criminals in 2014. Weak remote access security or weak passwords contributed to 94 percent of POS breaches.
  • Spam on the decline: Spam volume continues to decrease making up 60 percent of total inbound mail (compared to 69 percent in 2013 and more than 90 percent at its peak in 2008), but six percent of it included a malicious attachment or link, a slight increase from 2013.

"To defend against today's sophisticated criminals, businesses must see attacks from their front windshield instead of their rear view mirror," said Trustwave Chairman, Chief Executive Officer and President Robert J. McCullen. "By providing a wealth of current, actionable data breach trends and threat intelligence, our 2015 Trustwave Global Security Report helps businesses identify what's coming so that they can engage the people, processes and technologies needed to thwart cybercrime attacks that can generate close to a 1,500 return on investment."

About Trustwave

Trustwave helps businesses fight cybercrime, protect data and reduce security risk. With cloud and managed security services, integrated technologies and a team of security experts, ethical hackers and researchers, Trustwave enables businesses to transform the way they manage their information security and compliance programs. More than three million businesses are enrolled in the Trustwave TrustKeeper® cloud platform, through which Trustwave delivers automated, efficient and cost-effective threat, vulnerability and compliance management. Trustwave is headquartered in Chicago, with customers in 96 countries.

Latest News Releases

Trustwave's 2024 Retail Report Series Highlights Alarming E-Commerce Threats and Growing Fraud Against Retailers

Chicago – October 29, 2024 – Trustwave, a leading cybersecurity and managed security services provider, today released a series of reports detailing the threats facing the retail sector, marking the...

Read More

Trustwave Ranks in Top 10 on MSSP Alert’s Top 250 List for Eighth Consecutive Year

Chicago – October 24, 2024 – Trustwave has again been named a Top 10 MSSP by the industry publication MSSP Alert, a CyberRisk Alliance resource, in its 2024 Top 250 MSSPs List, placing 10th this year.

Read More

Trustwave Expands Partnership with Dicker Data to Deliver Full Range of Managed Security Services in Australia

Trustwave, a global leader in cybersecurity and managed security services, has announced an expanded partnership with Dicker Data, Australia’s premier IT distributor, which has long been a Trustwave...

Read More