Data Thieves Don’t Stop at Payment Data Any More
A security breach in any of the accounts most people use every day is a heart-stopping experience, and one that often leaves the user more than a little frightened about the immediate future. What else will be broken into, some might wonder, or how can the data that was taken be used against its own user? It was bad enough when data thieves wanted payment card data almost exclusively, but a new report from Trustwave shows that it’s not just about payment data any more: data thieves are branching out and going after other kinds of data as well.
The “2014 Trustwave Global Security Report” paints a disturbing picture for anyone who deals in data online, particularly on mobile devices. The report draws on 691 investigations into data breaches, a figure that by itself represents a disturbing trend, namely, a 54 percent increase from 2012.
Trustwave reported a 33 percent increase in data thefts across several kinds of information that would normally be considered sensitive or confidential, including things like customer records, internal communications, or “personally identifiable information.” Indeed, nearly half (45 percent) of all thefts had nothing to do with payment data at all. The e-commerce field represented 54 percent of the targeted assets, while point-of-sale system breaches, not unlike those suffered by Target and Neiman Marcus, came in at 33 percent of breaches investigated by Trustwave.
The Trustwave report noted that “a global, thriving underground…” was in place to handle “…quick monetization of stolen data – no matter where the victim or attacker resides.” That makes stolen data a valuable commodity, one that needs to be protected. On that front, Trustwave found, users are often somewhat to blame. Almost a third (31 percent) of all compromises could be traced to “weak passwords”, though the idea of a weak password can be subjective. Applications turned out to be serious security risks, with 96 percent of tested applications, and a whopping 100 percent of mobile applications, found to have at least one of several “serious security vulnerabilities.” Several exploits turned to familiar names as a springboard to hacking, including 85 percent involving third-party plug-ins like Java.
Most victims of such data breaches were in the United States, which was hit with 59 percent of the breaches. Another 14 percent of the breaches were in the United Kingdom, while almost the same, 11 percent, were in Australia. As for what to do, Trustwave’s advice was simple if not necessarily easy to follow: “Secure all of your data, and don’t lull yourself into a false sense of security just because you think your payment card data is protected. Assess your entire set of assets – from endpoint to network to application to database.”
Some basic standards do apply here, like the use of passwords with numbers, letters and symbols as much as possible and even the use of a password manager system. Business owners, meanwhile, need to apply particularly strong protection methods, especially when a franchise model of business is operating. It can be difficult to balance the need for protection with the need for easy access for those who should have access, but it’s a balancing act that needs to happen for the sake of the system’s continued operation.