As commentators debate next steps in the wake of the Global Payments data breach disclosed two weeks ago, a perhaps surprising finding of a recent report by Verizon is that most data breaches are opportunistic.
The 2012 Verizon Data Breach Investigations Report finds that 79 percent of attacks represented in the report were opportunistic.
By opportunistic, Verizon means that the victim isnÃ¢â‚¬â„¢t specifically chosen as a target. Rather, they were identified and attacked because they exhibited a weakness the attacker knew how to exploit.
In addition, 97 percent of the attacks were avoidable, without the need for organizations to resort to difficult or expensive countermeasures.
According to Verizon, some 85 percent of targets of opportunity are organizations with fewer than 1,000 employees and nearly three-quarters of them hit the retail/trade and accommodation/food service industries.
Verizon says this appears to support the argument that large-scale automated attacks are opportunistically attacking small to medium businesses, and POS (point of sale) systems frequently provide the opportunity.
Smaller organizations often do not have the knowledge or resources necessary to address flagrant weaknesses in their Internet accessible assets that cause them to be identified for opportunistic attacks.Ã¢â‚¬
At the end of the report Verizon encourages readers to cut out a card listing POS security tips to give to restaurants, retailers, hotels or other establishments that they frequent.
Key tips for small businesses:
— Change administrative passwords on all POS systems; and
— Implement a firewall or access control list on remote access/administration services
The 2012 Verizon report spans 855 data breaches across 174 million stolen records, with the participation of law enforcement partners around the globe.