Hackers trying to hijack businesses’ websites and steal private data are growing in number and increasing the complexity and persistence of their attacks, according to a paper published by security firm Trustwave.
It has registered a rise in the number of organisations that are experiencing data loss, as hackers exploit weaknesses in current security systems to obtain corporate data and private customer information.
In the most recent publication of its Web Hacking Incidents study, it considers the way in which hacking incidents impact multiple areas of a business as the ripple of the effect spreads.
Trustwave’s Robert McCullen said that cybercriminals are constantly creating different methods to attack and circumvent the security protecting business data stored in a network or web-based environment.
Mr McCullen pointed out that it could only comment and catalogue those hacking events which are actually reported by firms, which meant that a total of 160 were available for analysis, implying that many more are occurring but go unreported, because businesses are wary of losing face and custom.
Trustwave concluded that a growing number of hacks are intended to steal data that has some kind of intrinsic value, perhaps to the firm’s competition or to other industries. As such there is significant profit to be made by the criminals from selling on the data.
Harnessing corporate networks for malware attacks and operating botnets on business systems is another favourite pastime for hackers. This might not necessarily result in the stealing of data from the business itself, but can mean that its resources are being exploited to wreak havoc elsewhere online.
Mr McCullen said that many firms are inadequately prepared for the most common form of attacks made against them. He claims that the tools for managing data and logging events is just inappropriately arcane and flawed within most businesses, while hackers have much more powerful, capable technology, tipping the balance in their favour.
Trustwave believes that the lax level of disclosure after a security breach is detected, means that firms are more susceptible to attacks in the future because they cover events up and do not fix the fundamental flaws.
A fifth of the organisations which registered attacks were based in the private sector, while financial institutions accounted for 12 per cent of the current statistics.
