New this year was the breach of automated teller machines (ATMs). It occurred in only 1 percent of the cases, but it may presage more to come, as the payoff is considerably greater than with other types of cardholder data, the report notes.
Intellectual property (IP) attacks can be far more devastating as they “could result in years of research and development being stolen and used by a competing company,” says Nicholas Percoco, senior vice president of Trustwave. But most companies don’t face that type of attack because “most of the corporate or nation-state sponsored IP attacks go after the top organizations within particular industries.”
The number one vulnerability that led to a breach was remote access. That’s not surprising, really. As the report notes, many IT service providers—the trusted third parties that have been given remote access—“choose a remote administration utility that remains always on...not the most secure option…. To further facilitate remote administration, providers frequently choose simple, default-like passwords that are then reused at multiple client locations.” That means if one location is compromised, they all are.
These vulnerabilities are compounded when the service provider has a poorly configured firewall and when their systems are not kept up to date with the latest patches.
The access software these providers use is often not properly configured, and it is not audited, according to Nathan McNeill, cofounder and chief strategy officer of Bomgar, one of the companies that provides remote service software. Newer remote access software tends to be configured more securely out of the box, he says.