“…Almost one-third of all victims had critical systems administered by a third party…Attackers had no trouble exploiting that weakness, with vulnerable remote-access systems accounting for the method of entry in 47 
percent of the cases…in most cases, users – not software vulnerabilities – were to blame. Almost 90 percent of systems had weak or easily guessable passwords, with “Password1″ continuing to be the most common, according to Trustwave’s report…”
An analysis of breach data for 2012 found that retailers and the hospitality industry continued to command the most interest from cyber-criminals, accounting for 78 percent of the breaches documented by security services firm Trustwave.
The businesses are typically easy targets, having outsourced the administration of important servers and business data to firms that focus more on keeping the systems functioning than on security, says Christopher Pogue, director of digital forensics and incident response for Trustwave’s SpiderLabs.
“An integrator may have 1,000 customers and may do remote administration for all of them using, not 1,000 passwords, but maybe two or three,†Pogue said. “That leaves a vulnerability that can be exploited by attackers.â€
For more:Â http://www.techweekeurope.co.uk/news/retailer-hotel-crime-107589
