All the latest UK technology news, reviews and analysis

Third parties revealed as biggest IT vulnerability

by Iain Thomson

More from this author

04 Feb 2010

Be the first to comment

  • Tweet this
Security padlock
Third-party systems were responsible for 81 per cent of security breaches last year

An analysis of more than 1,900 penetration tests and 200 actual security breaches over the past year has shown that more than four out of five security problems are down to third-party suppliers.

The survey by payment security firm Trustwave showed that third-party systems were responsible for 81 per cent of the security breaches, and that point-of-sale (POS) devices accounted for 83 per cent of that total.

Further reading

"POS systems represent the easiest method for criminals to obtain the magnetic stripe data necessary to commit card-present fraud," said Trustwave in its 2010 Global Security Report.

"Due to the common existence of well-known vulnerabilities and the sheer volume of potential targets, software POS systems are considered low-hanging fruit to even the novice attacker."

More than two thirds of attacks used memory parsers, an application designed to monitor RAM activity and steal financial data. Key-loggers accounted for 18 per cent of attacks, and network sniffers nine per cent.

The report also suggested that hardware manufacturers need to be more vigilant when it comes to security.

"We believe that hardware tampering will grow over the next several years. The prize target for any organised crime group would be to infiltrate the device manufacturing company," said the report.

"Given the lax state of security in the world today, a crime organisation would have little trouble executing this attack at one of the second-tier device manufacturing companies, resulting in modified hardware being shipped to customers."

Do you agree?

Add your comment
 

Add your comment

We won't publish your address
By submitting a comment you agree to abide by our Terms & Conditions. Your comment will be moderated before publication.
Submit your comment

Latest stories from Security

data-security-key

Network firm x.o Ware aims to bring VPNs to SMBs with ExoNetwork

Related white papers

Related articles

Related jobs

Today's top stories

Cloud computing suppliers announced by government

Government launches G-Cloud store with 257 cloud computing suppliers

Microsoft Windows 8 start screen

Top 10 Microsoft Windows 8 features to be excited about

Barclays Pingit Application in use on an iPhone

Barclays launches Pingit mobile payment service for iPhone, Android and BlackBerry

Poll

IT priorities for 2012

What is the most important IT priority for your company this year?

97%

1%

1%

0%

1%

Features

V3 reporter Dan Worth

World-changing CERN experiments highlight humanity’s intrinsic curiosity

V3 and The INQUIRER editor Madeline Bennett

BBC and Sky News show tough love with Twitter policies

V3's Rosalie Marshall

World indulges in a Facebook facts fest as firm prepares to float

facebook-new

Top five most interesting figures from Facebook’s IPO

More features

Connect with V3.co.uk

Sign up to our daily or weekly newsletters

Case studies and reports

Accurev

Top 5 software development challenges

This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes

Talend

Rubbish in, rubbish enterprise

Why good data management at all levels is essential in the modern business (video, 6mins)

Technology jobs

Workflow Development Team Lead

A Workflow Development Team Leader with a good knowledge...

Senior SQL Developer SSIS SSRS £500pd

Senior SQL Developer Investment Banking SSIS SSRS T-SQL...

Business Analyst Financial Services

Business Analyst Financial Services, SQL (Business analysis...

Junior/Graduate IT Support, Financial Services

Junior/Graduate IT Support, Financial Services (Networks...

To send to more than one email address, simply separate each address with a comma.