GO
Loading...

Data breach! U.S. tops list of victims, study shows

Smeel Photography | E+ | Getty Images

Though cybersecurity and data theft are a global phenomenon, corporations and public and private entities in the U.S. overwhelmingly are the most attractive targets of cyberattacks, according to a new report by cybersecurity firm Trustwave.

Of the 691 data breaches investigated by Trustwave last year, 59 percent infiltrated U.S. organizations—far ahead of the second-most targeted country, the U.K., at 14 percent. Those findings are part of a broader 2014 Trustwave Global Security Report Wednesday. Overall, the number of data breaches investigated was up 54 percent year-over-year.

America's consumer-driven economy makes U.S. entities especially attractive to cybercriminals.

"If you can get access to that information whether it's credit card information or personal information, it's a target rich environment. The next closest state or country that was behind us was the U.K., which was one-fourth of the [breach] activity that we saw here in the U.S.," said Robert J. McCullen, chairman and chief executive of Trustwave.

Australian entities are the third most targeted by cyberattackers, accounting for 11 percent of Trustwave's investigations in 2013.

Read MoreCyberteams duke it out in the World Series of hacking

Top targets for cyberattacks by industry include retailers, accounting for 35 percent of Trustwave's breach investigations, followed by the food and beverage and hospitality industries.

"Retailers, quick-serve restaurants and hospitality, they're all similar in that they have many locations, they're target rich and they have a lot transactions from customers going to those locations, and they have a lot of different vendors that are used in those environments. If you can breach one [location], typically breaching the others is pretty straight forward," McCullen said.

Within the top three targeted industries, assets those industries use to conduct business also make them vulnerable. Those platforms include e-commerce platforms which made up 54 percent of assets targeted in the breach investigations and point-of-sale systems, which were a target in 33 percent of the breach investigations.

Read MoreThe anatomy of an Android smartphone cyberattack

Despite the increase in cyberattacks, Trustwave measured positive progress by companies and organizations in the time it takes them to detect a breach. The mean average time across investigations was 134 days, down from 210 days in 2012. The median average for detection was even better, at 87 days.

Those details are important because progress for detecting a breach is key to containing the damage, McCullen said. That kind of efficiency allows firms to more quickly mitigate risk and quarantine part of the computers and network devices in the environment that have been compromised, with the goal of preventing larger amounts of data from being exfiltrated or extracted from a network.

Increases in IT security budgets also help, along with raising awareness of the risks of cyberattacks all the way up to the board level and sometimes the two go hand-in-hand.

"It's really a focus and a funding issue that IT directors have to face these days. The key is to bring awareness so you can go out and get funding and focus because cybercrime can dramatically impact not only your customer relationships but financially, your bottom line," McCullen said.

By CNBC's Sabrina Korber.

Featured

  • CNBC's senior correspondent and lead investigative reporter, Scott Cohn also appears on "NBC Nightly News with Brian Williams," "Today" and on MSNBC.

  • “Squawk on the Street” Co-Anchor

  • CNBC Washington Reporter

Investigations Inc.: Cyber Espionage

  • When a person enters information on a website, like an email or credit card, it gets stored in that company’s data base. Those web-based forms are a simple tool for users, but they are also another way hackers can exploit a company’s system. Instead of inputting a name into the website, cyber spies can put in a specially crafted text that may cause the database to execute the code instead of simply storing it, Alperovitch said. The result is a “malicious takeover of the system,” he said.

    By attacking business computer networks, hackers are accessing company secrets and confidential strategies and creating huge losses for the overall economy.

  • China is working feverishly to counteract its slowest GDP growth in recent years, and one of the ways it’s doing so, say U.S. officials, is through the theft of American corporate secrets.

  • US businesses are enduring an unprecedented onslaught of cyber invasions from foreign governments, organized crime syndicates, and hacker collectives, all seeking to steal information and disrupt services, cybersecurity experts say.

Technology

Technology Explained