Seconds count when dealing with a security incident. A new survey from Osterman Research however has found that many companies believe it would take hours or more for them to detect a breach – with nearly 30 percent stating it would take days, weeks or longer.
The statistics come from a report entitled ‘Dealing with Data Breaches and Data Loss Prevention’. The report – which was sponsored by Proofpoint – fielded responses from 225 large and midsized organizations in the U.S. and Canada. According to the survey, just 24 percent felt they could detect a breach within minutes or seconds. Thirty-seven percent believe they could detect a breach within hours, while 28 percent said it would take days or weeks. One percent said it would take even longer than that, and nine percent weren’t sure.
“In just hours, let alone days or weeks, gigabytes of data can be exfiltrated,” he wrote. “Worse yet, as data stores continue to grow, so does the presence of unchecked sensitive data. This leaves the attack surface large and subject to exfiltration caused by targeted attacks and malicious/oblivious insiders.”
Despite research showing that strong executive leadership can be critical in the aftermath of an attack, just 29 percent of the respondents said they look to their CISO to manage initial breach response. In addition, only 33 percent have the CISO manage the follow-up phases of a breach. When participants were asked to rate their organization’s preparedness to address data breaches if and when they occurred, some 68 percent described their organization as either “very well prepared” (6 percent), “well prepared” (27 percent) or “prepared” (35 percent).
Fourteen percent said they were “not well prepared” or worse.
“However, it is important to note that preparedness is only part of the story,” according to the report. “For example, Target was quite well prepared for its now-infamous data breach: the company had deployed a robust anti-malware solution to protect against data breaches, it maintained a team of security personnel in India that were focused on detecting anomalous behavior in the corporate network, and it had a security team in Minneapolis that were focused on dealing with a data breach and other security incidents. Target’s security solution worked as it was designed, its Indian security team notified its counterparts of the breach in Minneapolis, but for some reason that final link in the chain did not respond appropriately.”
Fewer than half of the organizations in the survey have a data breach/cyber insurance policy, and about one-third have a data breach mitigation budget. Overall, 55 percent said that detecting and preventing data breaches are among their highest priorities in 2015, with nine percent calling it their highest priority.
“If you don’t understand your attack surface—that is, where the sensitive data is and who has access to it—it’s nearly impossible to be ‘breach ready’,” blogged Diamond. “It’s true that malicious outsiders are launching targeted attacks in your direction in an attempt to penetrate perimeter defenses. And let’s just assume you have the requisite security stack in place that will enable detection and response. But, fact is, you’ve got plenty of exfiltrators exfiltrating to exfiltratees, if you will, that reside within your organization’s respective firewall. Simply put, it’s just as important to protect against insiders as at is outsiders.”