Report Finds Basic IT Security Threats Continue To Be Overlooked

Trustwave, a provider of on-demand data security and payment card industry compliance management solutions to businesses and organizations throughout the world, has released its 2010 Global Security Report.

The report analyzes data gathered from nearly 1,900 penetration tests and more than 200 security incident and compromise investigations throughout 2009 and provides a business and technical impact analysis.

The report was compiled by SpiderLabs, the advanced security team at Trustwave responsible for incident response and forensics, penetration testing, application security and security research.

The most notable trend of 2009 was the continued existence of attack vectors despite the security industry's awareness of the associated vulnerabilities for a decade or more. Organizations large and small were found to be moving forward with plans to implement new technology, while leaving basic security threats overlooked in legacy environments and IT systems.

In a striking trend, the SpiderLabs team also found that third-party vendors or their software was responsible for more than 81 percent of investigations of a security incident or compromise. It was these third parties that introduced many deficiencies exploited by the attacker, such as default vendor-supplied passwords and insecure remote access applications.

In addition to the analysis of breach investigations, SpiderLabs also published technical information on the top vulnerabilities encountered during the penetration tests performed. The most telling results were those industries that requested penetration tests were the least compromised sector.

For example, technology and business services sector clients made up 36.1 percent of the penetration tests performed in 2009, yet only 9 percent of compromise investigations. Conversely, hospitality and food and beverage clients accounted for 7.6 percent of the penetration tests performed, while this sector made up a stunning 51 percent of investigations conducted by SpiderLabs.

"It's clear that organizations are managing current threats in a very reactive manner, rather than proactively reviewing their entire security posture and developing a plan that secures their data, systems and facilities," said Robert J. McCullen, chairman and CEO of Trustwave. "This report will provide companies throughout the world with the actionable information on detecting the leading vulnerabilities and guidance on how to mitigate those threats and secure their organization."

"The incidents we investigated showed that the hacking techniques used to penetrate a system were trivial -- that is they are very simple attack methods that have existed for many years," said Nicholas J. Percoco, senior vice president and head of SpiderLabs. "Yet many of these organizations never knew the vulnerabilities or the systems penetrated existed within their environment. In 2010, organizations should adjust their security plans and prioritize security risks before implementing a new strategic initiative."

To download a copy of Trustwave's 2010 Global Security Report, visit https://www.trustwave.com/whitePapers.php.

Featured

New Products

  • Mobile Safe Shield

    Mobile Safe Shield

    SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame.

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening.

  • Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

    Connect ONE®

    Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.