
Data Breach Detection Takes Days or Longer For Many Businesses: Survey

Seconds count when dealing with a security incident. A new survey from Osterman Research, however, has found that many companies believe it would take hours or more for them to detect a breach – with nearly 30 percent stating it would take days, weeks or longer.


The statistics come from a report entitled ‘Dealing with Data Breaches and Data Loss Prevention’. The report – which was sponsored by Proofpoint – fielded responses from 225 large and midsized organizations in the U.S. and Canada. According to the survey, just 24 percent felt they could detect a breach within minutes or seconds. Thirty-seven percent believe they could detect a breach within hours, while 28 percent said it would take days or weeks. One percent said it would take even longer than that, and nine percent weren’t sure.

Joe Diamond, director of product marketing at Proofpoint, blogged that the numbers indicate that many organizations are not properly preparing for a breach.

“In just hours, let alone days or weeks, gigabytes of data can be exfiltrated,” he wrote. “Worse yet, as data stores continue to grow, so does the presence of unchecked sensitive data. This leaves the attack surface large and subject to exfiltration caused by targeted attacks and malicious/oblivious insiders.”

Despite research showing that strong executive leadership can be critical in the aftermath of an attack, just 29 percent of the respondents said they look to their CISO to manage initial breach response. In addition, only 33 percent have the CISO manage the follow-up phases of a breach. When participants were asked to rate their organization’s preparedness to address data breaches if and when they occurred, some 68 percent described their organization as either “very well prepared” (6 percent), “well prepared” (27 percent) or “prepared” (35 percent).

Fourteen percent said they were “not well prepared” or worse. 

“However, it is important to note that preparedness is only part of the story,” according to the report. “For example, Target was quite well prepared for its now-infamous data breach: the company had deployed a robust anti-malware solution to protect against data breaches, it maintained a team of security personnel in India that were focused on detecting anomalous behavior in the corporate network, and it had a security team in Minneapolis that were focused on dealing with a data breach and other security incidents. Target’s security solution worked as it was designed, its Indian security team notified its counterparts of the breach in Minneapolis, but for some reason that final link in the chain did not respond appropriately.”

Fewer than half of the organizations in the survey have a data breach/cyber insurance policy, and about one-third have a data breach mitigation budget. Overall, 55 percent said that detecting and preventing data breaches are among their highest priorities in 2015, with nine percent calling it their highest priority.

“If you don’t understand your attack surface—that is, where the sensitive data is and who has access to it—it’s nearly impossible to be ‘breach ready’,” blogged Diamond. “It’s true that malicious outsiders are launching targeted attacks in your direction in an attempt to penetrate perimeter defenses. And let’s just assume you have the requisite security stack in place that will enable detection and response. But, fact is, you’ve got plenty of exfiltrators exfiltrating to exfiltratees, if you will, that reside within your organization’s respective firewall. Simply put, it’s just as important to protect against insiders as it is outsiders.”
