Attacks/Breaches

6/21/2016
10:00 AM
Connect Directly
Twitter
Twitter
RSS
E-Mail
50%
50%

7 Need-To-Know Attack Stats

Facts & figures about average dwell times, incident response speeds, and which direction the 'detection deficit' is heading.
Previous
1 of 7
Next


Image Source: Adobe Stock

Image Source: Adobe Stock

In information security and incident response, time is of the essence. The longer it takes to discover and remediate breaches, the more time attackers have to slowly bleed an organization of valuable information, set up persistence on the network, and otherwise wreak havoc without worry of repercussion.

Numerous security research and consultancies have established benchmarks for the average amount of time it takes to discover that attackers are operating within an infrastructure. The numbers vary from bad to worse. Take a look as Dark Reading explores some of the estimates, along with a few facts and figures about how costly long dwell times can be for organizations.

 

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.  View Full Bio

Previous
1 of 7
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
alphaa10
50%
50%
alphaa10,
User Rank: Strategist
6/27/2016 | 11:35:57 PM
Wrong Direction
As if matters were not dire enough with an explosion in sophisticated, effective hacker tools, every criminal element which can capture a programmer or buy the software expects to rake in unprecedented profit.

Are corporate chiefs still asleep, trusting in the old IDS model for security? From all appearances, they are, indeed, and it will take millions more in losses before they awaken to the threat.

Poor training, coupled with antiquated threat indentification methods, understaffed IT sections, merger-speed corporate expansion, and profound ignorance of the threat conspire to make "corporate security" (almost) an oxymoron.

For Dark Readers, these are the dark ages of network security.

 

 
kbannan100
50%
50%
kbannan100,
User Rank: Apprentice
6/22/2016 | 10:49:33 AM
Re: The million dollar mark
"...the time from attack to compromise and attack to exfiltration is rarely longer than a few days."

Which means you have to be doubly vigilant when it comes to protecting everything -- endpoints such as printers and mobile devices, wireless connections, everything! And people are not doing that. Here's a portion of a white paper I have open on my desktop: 

"Many do not realize that embedded devices such as printers and industrial controllers can be the source or initial access point for a network breach. In fact, one of the largest identity theft cases in 2014 involved Target's POS systems and leveraged weaknesses within the building's HVAC systems to gain a foothold within Target's internal network." 

Crazy! The white paper can be found here, BTW: bit.ly/1sq1kyG

--Karen Bannan, commenting for IDG and HP
Charlie Babcock
100%
0%
Charlie Babcock,
User Rank: Ninja
6/21/2016 | 6:10:13 PM
The million dollar mark
Slide 4: Find a breach in its first 100 days, save a million dollars. Whew. What a statistic.
WebAuthn, FIDO2 Infuse Browsers, Platforms with Strong Authentication
John Fontana, Standards & Identity Analyst, Yubico,  9/19/2018
NSS Labs Files Antitrust Suit Against Symantec, CrowdStrike, ESET, AMTSO
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/19/2018
Turn the NIST Cybersecurity Framework into Reality: 5 Steps
Mukul Kumar & Anupam Sahai, CISO & VP of Cyber Practice and VP Product Management, Cavirin Systems,  9/20/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Are you sure this is how we get our data into the cloud?
Current Issue
Flash Poll
The Risk Management Struggle
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-8298
PUBLISHED: 2018-09-24
Multiple SQL injection vulnerabilities in the login page in RXTEC RXAdmin UPDATE 06 / 2012 allow remote attackers to execute arbitrary SQL commands via the (1) loginpassword, (2) loginusername, (3) zusatzlicher, or (4) groupid parameter to index.htm, or the (5) rxtec cookie to index.htm.
CVE-2018-14825
PUBLISHED: 2018-09-24
A skilled attacker with advanced knowledge of the target system could exploit this vulnerability by creating an application that would successfully bind to the service and gain elevated system privileges. This could enable the attacker to obtain access to keystrokes, passwords, personal identifiable...
CVE-2018-17437
PUBLISHED: 2018-09-24
Memory leak in the H5O_dtype_decode_helper() function in H5Odtype.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (memory consumption) via a crafted HDF5 file.
CVE-2018-17438
PUBLISHED: 2018-09-24
A SIGFPE signal is raised in the function H5D__select_io() of H5Dselect.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack.
CVE-2018-17439
PUBLISHED: 2018-09-24
An issue was discovered in the HDF HDF5 1.10.3 library. There is a stack-based buffer overflow in the function H5S_extent_get_dims() in H5S.c. Specifically, this issue occurs while converting an HDF5 file to a GIF file.