Voris says the changes in spam subject matter could be due to improvements in the ability of spam filters to root out pharmaceutical spam. Also, trends change. "Buying drugs online was a new field maybe 10 to 15 years ago," he says. "Now online dating is a huge industry, and it's something a lot of people are involved in. . . . It makes sense [that hackers] have moved on to current trends."
Some things never change
The geographic distribution of attacks doesn’t seem to have shifted much from 2014 to 2015. Most of the activity is still in this part of the world: 35 percent of the data breach investigations Trustwave conducted last year were in North America, with 21 percent in the Asia-Pacific region, 12 percent in Europe, the Middle East and Africa, and 10 percent in Latin America and the Caribbean.
The attacks and targets stay in North America, particularly the U.S., because the country has "a lot of businesses and organizations that are very juicy targets for individuals,” Sigler says. Moreover, “connectivity and available bandwidth still make us a very very important target for criminals." he adds.
Attacks in Latin America are on the rise — though just by "a little bit," says Sigler — "as those countries become more connected and business are becoming more profitable."
The good news
Trustwave’s report does contain some good news: Self-detection of compromises rose from 19 percent to 41 percent. "That large jump shows you that organizations are starting to do things correctly. They're not just earmarking security as [a secondary concern delegated to] their IT departments. They're actually paying attention, and paying attention in a really important fashion," says Sigler. Still, 41 percent is not a majority, and Sigler says he hopes to see a majority of organizations detecting breaches on their own in the future, because the sooner a company detects a compromise, the sooner it can "contain the damage."
Ultimately, sticking to the security basics will go a long way toward keeping your systems safe, Sigler says. Even though attackers are savvy and getting savvier, if you set up firewalls and make sure you’re properly logging and monitoring your systems, your organization will rise above the "low-hanging fruits and easy targets criminals tend to target," he says. "It's not sexy, but a lot of organizations aren't even doing that much."
Sign up for CIO Asia eNewsletters.