SQL injection attacks and weak passwords continue to plague organisations

http://i.bnet.com/blogs/keyboard-photo-by-joe-mckendrick3.jpg

The Trustwave 2012 Global Security Report has just been published, identifying various areas of vulnerabilities that threaten data security.

The report which studied more than 300 data breaches occurring over the year 2011 and across 18 countries, observes that cyber attacks continue to rise (no surprises there) and that hackers are increasingly going after business customer records (read, where the money is).

For the fourth year in a row however, SQL injection attacks have remained the number one ' weapon of choice' and in 76% of incident response investigations, it was a third-party, often responsible for system support, development and or maintenance of a businesses environment that introduced the security deficiency in the first place. In addition, 80% of the security incidents studied by Trustwave were in fact due to the use of weak administrative credentials. In many cases, it was thanks to default passwords that made it easier for hackers and attackers to break in and not through the use of any sophisticated tools.