Report Finds Basic IT Security Threats Continue To Be Overlooked

Trustwave, a provider of on-demand data security and payment card industry compliance management solutions to businesses and organizations throughout the world, has released its 2010 Global Security Report.

The report analyzes data gathered from nearly 1,900 penetration tests and more than 200 security incident and compromise investigations throughout 2009 and provides a business and technical impact analysis.

The report was compiled by SpiderLabs, the advanced security team at Trustwave responsible for incident response and forensics, penetration testing, application security and security research.

The most notable trend of 2009 was the continued existence of attack vectors despite the security industry's awareness of the associated vulnerabilities for a decade or more. Organizations large and small were found to be moving forward with plans to implement new technology, while leaving basic security threats overlooked in legacy environments and IT systems.

In a striking trend, the SpiderLabs team also found that third-party vendors or their software was responsible for more than 81 percent of investigations of a security incident or compromise. It was these third parties that introduced many deficiencies exploited by the attacker, such as default vendor-supplied passwords and insecure remote access applications.

In addition to the analysis of breach investigations, SpiderLabs also published technical information on the top vulnerabilities encountered during the penetration tests performed. The most telling results were those industries that requested penetration tests were the least compromised sector.

For example, technology and business services sector clients made up 36.1 percent of the penetration tests performed in 2009, yet only 9 percent of compromise investigations. Conversely, hospitality and food and beverage clients accounted for 7.6 percent of the penetration tests performed, while this sector made up a stunning 51 percent of investigations conducted by SpiderLabs.

"It's clear that organizations are managing current threats in a very reactive manner, rather than proactively reviewing their entire security posture and developing a plan that secures their data, systems and facilities," said Robert J. McCullen, chairman and CEO of Trustwave. "This report will provide companies throughout the world with the actionable information on detecting the leading vulnerabilities and guidance on how to mitigate those threats and secure their organization."

"The incidents we investigated showed that the hacking techniques used to penetrate a system were trivial -- that is they are very simple attack methods that have existed for many years," said Nicholas J. Percoco, senior vice president and head of SpiderLabs. "Yet many of these organizations never knew the vulnerabilities or the systems penetrated existed within their environment. In 2010, organizations should adjust their security plans and prioritize security risks before implementing a new strategic initiative."

To download a copy of Trustwave's 2010 Global Security Report, visit https://www.trustwave.com/whitePapers.php.

Featured

  • Allegion, Comfort Technologies Implement Mobile Credentials at the Artisan Apartment Homes in Florida

    Artisan Apartment Homes, a luxury apartment complex in Dunedin, Florida, recently transitioned from mechanical keys to electronic locks and centralized system software with support from Allegion US, a leading provider of security solutions, technology and services, and Florida-based Comfort Technologies, which specializes in deploying multifamily access control, IoT devices and software management solutions. Read Now

  • Mall of America Deploys AI-Powered Analytics to Enhance Parking Intelligence

    Mall of America®, the largest shopping and entertainment complex in North America, announced an expansion of its ongoing partnership with Axis Communications to deploy cutting-edge car-counting video analytics across more than a dozen locations. With this expansion, Mall of America (MOA) has boosted operational efficiency, improved safety and security, and enabled more informed decision-making around employee scheduling and streamlining transportation for large events. Read Now

  • Security Industry Association Launches New “askSIA” AI Tool

    The Security Industry Association (SIA) has unveiled a brand-new SIA member benefit – askSIA, a conversational AI agent designed to help users get the most out of their SIA membership, easily access SIA resources and find the latest information on SIA’s training and courses, reports and publications, events, certification offerings and more. SIA members can easily find askSIA by visiting the SIA homepage or looking for the askSIA icon in the top left of webpages. Read Now

    • Industry Events
  • Industry Embraces Mobile Access, Biometrics and AI

    A combination of evolving workplace dynamics, technology innovation and new user expectations is changing how people enter and interact with physical spaces. Access control is at the heart of these changes. Combined with biometrics and AI, mobile access control has become increasingly crucial for deploying entry solutions that are seamless, secure and adaptive to user needs. Read Now

  • Sustainable Video Solution Delivered for Landmark City of London Office Development

    An advanced, end-to-end video solution from IDIS, with a focus on reducing waste and costs, has helped a major office development in the City of London align its security with sustainability objectives. Read Now

New Products

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities

  • Camden CM-221 Series Switches

    Camden CM-221 Series Switches

    Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings.

  • EasyGate SPT and SPD

    EasyGate SPT SPD

    Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles.