美国时间2012年2月7日，Trustwave于近日发表了一份《2012 Global Security Report》，根据其SpiderLab在2011年的工作和研究进行了总结。

Trustwave 2012 Global Security Report, a reflection and analysis of investigations, research and client engagements conducted in 2011. The report's findings are based on more than 300 data breach investigations and 2,000 penetration tests performed worldwide last year by SpiderLabs, the advanced security team within Trustwave focused on forensics, ethical hacking and application security testing.

For the second year in a row, the report shows the food and beverage industry is the top target for cybercriminals. Additionally, more than a third of Trustwave SpiderLabs 2011 investigations occurred in a franchise business, and Trustwave researchers expect industries with franchise models will be most at risk in 2012. The report also unveils surprising findings about the most common password used by global businesses and the riskiest time of day to open an email attachment.

"We believe the Trustwave Global Security Report is the most comprehensive report on cybercrime and data breach trends, new and evolving threats, and recommendations of best security practices for organizations," said Nicholas J. Percoco, senior vice president and head of Trustwave SpiderLabs. "In 2011, we performed 42 percent more data breach investigations and assembled a thorough study on business password practices. The information we have gathered highlights security trends and risks that businesses should address in 2012."

Key Report Findings

        
        --  What do cybercriminals want?: Customer records remain a valuable
            target for attackers, making up 89 percent of breached data
            investigated. While trade secrets or intellectual property followed at
            a distant six percent, highly targeted attacks designed to go after
            that type of data remain a growing concern, as their success rate is
            extremely high.
        
        --  Data breach investigations are on the rise: Trustwave performed 42
            percent more investigations in 2011 than in the previous year --
            conducting more than 300 data breach investigations in 18 countries
            worldwide. The increase in investigations can be attributed to an
            increase in targeted, sophisticated attacks resulting in breaches, as
            well as more investigations in the Asia-Pacific region.
        
        --  The food and beverage industry remains the top target: For the second
            year, the food and beverage industry made up the highest percentage of
            investigations in 2011 at nearly 44 percent.
        
        --  Franchises and chain stores beware: Trustwave found that industries
            with franchise and chain store models are the top targets primarily
            because franchises often use the same IT systems across stores. If a
            cybercriminal can compromise a system in one location, they likely can
            duplicate the attack in multiple locations. More than a third of 2011
            investigations occurred in a franchise business and this number is
            expected to rise in 2012.
        
        --  Global businesses have a password problem: Despite headlines regarding
            data breaches due to poor password practices, global businesses still
            allow employees and system administrators to use weak passwords.
            Analyzing the usage and weakness trends of more than 2 million
            business passwords, Trustwave found that the most common password used
            by global businesses is "Password1" as it satisfies the default
            Microsoft Active Directory complexity setting.
        
        --  Careful when you open that attachment: 8:00 a.m. and 9:00 a.m.
            (Eastern Time, U.S.) is the most likely time for email sent with a
            malicious attachment.
        
        --  Self-detection of attacks and breaches is dismal: Self-detection of
            compromises decreased in 2011 and only 16 percent of victimized
            organizations were able to detect the breach themselves. The remaining
            84 percent relied on information reported to them by an external
            entity: regulatory, law enforcement or public. In those cases, in
            which an external entity was necessary for detection, analysis found
            that attackers had an average of 173.5 days within the victim's
            environment before detection occurred.
        
        --  Law enforcement steps up its cybersecurity game: The good news for
            organizations is that the effectiveness of law enforcement to detect
            breaches increased almost five-fold in 2011. Thirty-three percent of
            organizations that reported a breach were notified by law enforcement,
            compared to just seven percent the previous year. This increase can be
            attributed to work performed by groups such as the United States
            Secret Service, Interpol, Australian Federal Police and UK's Serious
            Organised Crime Agency.
        
        
        

Top Strategic Security Recommendations for 2012 To improve security posture, Trustwave recommends six focus areas for organizations in 2012:

        
        --  Education of Employees - The best intrusion detection systems are
            neither security experts nor expensive technology, but employees.
            Security awareness education for employees is the first line of
            defense.
        --  Identification of Users - Focus on achieving a state where every
            user-initiated action in your environment is identifiable and tagged
            to a specific person.
        --  Homogenization of Hardware and Software - Fragmentation of
            enterprises' computing platforms is an enemy to security. Reducing
            fragmentation through standardization of hardware and software, and
            decommissioning old systems, will create a more homogenous environment
            that is easier to manage, maintain and secure.
        --  Registration of Assets - A complete inventory or registry of valid
            assets can provide the insight needed to identify malware or a
            malicious attack.
        --  Unification of Activity Logs（统一日志管理） - Combining the physical world with the
            digital affords organizations with new ways to combine activities and
            logs to identify security events more quickly.
        --  Visualization of Events(事件可视化) - Log reviews alone are no longer sufficient.
            Visualizing methods to identify security events within the
            organization better narrows security gaps.
        
        
        

"Any organization can be a target, but as detailed in our report findings, those most susceptible are businesses that maintain customer records or that consumers frequent most, including restaurants, retail stores and hotels," added Percoco. "We advise organizations review our strategic recommendations for 2012 and take steps toward employing better security across their organizations."