Companies which outsource their data to third-party firms are nearly twice as likely to fall victim to hackers, according to a new study, which shows retailers at the top of the data breach hit-list.
The 2013 Global Security Report, by security firm Trustwave, also unearthed staggering incompetency when it comes to password setting. In nearly 74% of breaches, companies had used either “password 1” or just “password” as authentication.
Meanwhile, there was a 400% rise in mobile malware affecting Google’s Android operating system, compared to last year.
Perhaps unsurprisingly, almost all the information hackers targeted was personal data. The retail industry had been particularly targeted – accounting for 45% of the cases investigated – as hackers tried to expose payment card data.
And of the 450-plus suspected data breaches the report had analysed, 63% involved IT outsourcing providers.
John Yeo, director of Trustwave’s SpiderLabs unit in Europe, the Middle East and Africa, said: “We are not saying outsourcing is bad, but there may have been a lack of due diligence in the selecting of outsourcing providers.”
Paul Simmonds, a security consultant and former chief information security officer (CISO) at AstraZeneca, claimed companies which outsource data services to cloud providers are often provided with just “sales patter”.
The information can suggest better data security measures are in place than is actually the case, he said. Buyers conducting cyber security audits or other due diligence also often “ask the wrong questions about the wrong things”, he added.