Data thieves are diversifying their methods of attempting to steal sensitive information, says a new report from Trustwave. The research, gathered from 691 data breach investigations from 2013, shows that cybercriminals are increasingly targeting sensitive and confidential information in a variety of new ways, while still exploiting old vulnerabilities to compromise security among individual employees.

scyther5 / bigstockphoto.com

scyther5 / bigstockphoto.com

Below are our 7 highlights from reviewing the report.

  1. Credit cards are still a top priority for would-be data thieves, with 55% of data thefts in 2013 involving payment card data
  2. Thieves are more interested in private information, with thefts of sensitive and confidential information increasing 33% in 2013
  3. 59% of data breach victims live in the US, far ahead of the 2nd most-targeted country, which was the UK at 14%
  4. Retail is the most commonly targeted industry, making up 35% of all attacks. Food and beverage came in second at 18%, and hospitality third, at 11%
  5. The top 3 subject lines of spam emails were:
    1. “Some Important Information Is Missing”
    2. “Bank Statement. Please Read.”
    3. “Important—Payment Overdue.”
  6. Data thieves love Java. 78% of data thefts involved taking advantage of Java vulnerabilities
  7. Overall, 85% of cybercriminal activity involved exploiting third-party plugins, including Java, Flash and Adobe Reader

Overall, Trustwave recommends first educating employees on best practices to enforce security, and then focusing on strengthening passwords. DRaaS may also be an effective tactic for enterprises concerned about maintaining their security in 2014.