
Data Breach Detection Takes Days or Longer For Many Businesses: Survey

Seconds count when dealing with a security incident. A new survey from Osterman Research, however, has found that many companies believe it would take hours or more for them to detect a breach – with nearly 30 percent stating it would take days, weeks or longer.


The statistics come from a report entitled ‘Dealing with Data Breaches and Data Loss Prevention’. The report – which was sponsored by Proofpoint – fielded responses from 225 large and midsized organizations in the U.S. and Canada. According to the survey, just 24 percent felt they could detect a breach within minutes or seconds. Thirty-seven percent believe they could detect a breach within hours, while 28 percent said it would take days or weeks. One percent said it would take even longer than that, and nine percent weren’t sure.

Joe Diamond, director of product marketing at Proofpoint, blogged that the numbers indicate that many organizations are not properly preparing for a breach.

“In just hours, let alone days or weeks, gigabytes of data can be exfiltrated,” he wrote. “Worse yet, as data stores continue to grow, so does the presence of unchecked sensitive data. This leaves the attack surface large and subject to exfiltration caused by targeted attacks and malicious/oblivious insiders.”

Despite research showing that strong executive leadership can be critical in the aftermath of an attack, just 29 percent of the respondents said they look to their CISO to manage initial breach response. In addition, only 33 percent have the CISO manage the follow-up phases of a breach. When participants were asked to rate their organization’s preparedness to address data breaches if and when they occurred, some 68 percent described their organization as either “very well prepared” (6 percent), “well prepared” (27 percent) or “prepared” (35 percent).

Fourteen percent said they were “not well prepared” or worse. 

“However, it is important to note that preparedness is only part of the story,” according to the report. “For example, Target was quite well prepared for its now-infamous data breach: the company had deployed a robust anti-malware solution to protect against data breaches, it maintained a team of security personnel in India that were focused on detecting anomalous behavior in the corporate network, and it had a security team in Minneapolis that were focused on dealing with a data breach and other security incidents. Target’s security solution worked as it was designed, its Indian security team notified its counterparts of the breach in Minneapolis, but for some reason that final link in the chain did not respond appropriately.”

Fewer than half of the organizations in the survey have a data breach/cyber insurance policy, and about one-third have a data breach mitigation budget. Overall, 55 percent said that detecting and preventing data breaches are among their highest priorities in 2015, with nine percent calling it their highest priority.


“If you don’t understand your attack surface—that is, where the sensitive data is and who has access to it—it’s nearly impossible to be ‘breach ready’,” blogged Diamond. “It’s true that malicious outsiders are launching targeted attacks in your direction in an attempt to penetrate perimeter defenses. And let’s just assume you have the requisite security stack in place that will enable detection and response. But, fact is, you’ve got plenty of exfiltrators exfiltrating to exfiltratees, if you will, that reside within your organization’s respective firewall. Simply put, it’s just as important to protect against insiders as it is outsiders.”
