Attacks/Breaches
6/12/2014
08:00 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

Report: Slow Detection, Slow Response

One-third of network security hacks are not discovered for hours, a report says.

More than one-third of data breaches aren't detected for hours, and recovering from a breach takes anywhere from days to months, a new survey says.

"The mean time to respond is the focus now," says Paul Nguyen, president of global security solutions for CSG Invotas, which sponsored the survey conducted by IDC. "We've seen a significant rise in the volume of incidents corporations have to deal with. This increasing tide has caused a gap between how much security operations can handle to be effective and how to bridge the gap and reduce response times."

The survey included security decision makers at firms with 500 or more employees. Some 61% say they are looking into ways to trim the time it takes to respond to a security event, and most say that trimming their response to a security breach or event helps protect the company's reputation and customer data.

One-fourth are in favor of automating some security processes, and they already use automation tools where possible, while 57% say they are "somewhat" comfortable automating some security processes, though with security teams involved, as well. Some 30% of security workflows are automated today, and two-thirds of companies say they will automate more elements in the next year.

The full survey is available for download here (registration required).

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
6/13/2014 | 3:50:47 PM
Re: Customer Relations
From a PR perspective, I hope that most companies are coming to the conclusion that they are better off getting out in front of the problem of a data breach, because it's going to come our eventually anyway. From a cybersecurity standpoint, I'm with @securityaffairs, when the effect of a data breach are discovered too late, the losses are often much greater. So a fast response is warranted on both counts.
Kelly Jackson Higgins
50%
50%
Kelly Jackson Higgins,
User Rank: Strategist
6/13/2014 | 2:58:18 PM
Re: Customer Relations
That's a really good point, @Whoopty. The sooner customers get word, the better for their privacy and financial security AND the rep of the breached company. Not all companies see it that way, though.
securityaffairs
50%
50%
securityaffairs,
User Rank: Ninja
6/13/2014 | 2:48:08 PM
Not surprised
The issue mentioned in the post is considered one of the greatest problems of the threat mitigation. Slow detection is the primary cause of losses ... in many cases the effects of a data breach or of a cyber attack are discovered too late, in other cases they will never be discovered.

It is necessary a layered approach to security to detect early the cyber threat.

 
Christian Bryant
50%
50%
Christian Bryant,
User Rank: Ninja
6/13/2014 | 1:19:46 PM
Re: Customer Relations
@Whoopty

Amen to that, brother.  There's nothing more frustrating than working for a company that not only won't own up out of fear of losing credibility, or more important to them, customers, but to see the same thing happen again and again.  If they would only have come clean the first time, a solution might have come from other sources that actually works instead of trying to solve the problem on their own... 
Christian Bryant
50%
50%
Christian Bryant,
User Rank: Ninja
6/13/2014 | 1:03:12 PM
Human vs Machine
I suspect there is a wide variety of conditions that lend to delayed response times from org to org.  For instance, I believe in a DevOps style security team, where you have security-oriented developers, hackers with experience on the systems doing real-time auditing and partial forensics on suspicious behavior, even if it isn't popping up on an alarm generated by the automated security suite; I also believe pushing the boundaries of your own network and apps but pen-testing.

However, I suspect there is a combination of lack of resources to pull off a team like this, and finding folks with the right set of expertise to bring it all together.  I'd be curious to see just how much longer delays in responding to intrusions are for companies with nothing but automated security software protecting them compared to real humans actively reviewing logs, watching/sniffing network traffic and auditing user activity.  I'm guessing leaving everything up to a collection of apps has the longer intrusion response time...
Whoopty
100%
0%
Whoopty,
User Rank: Moderator
6/13/2014 | 12:10:32 PM
Customer Relations
As much as I'd like to see security teams responding to issues in a more timely manner, whether it's automated or manual, I'm more interested in seeing better customer relations, with companies owning up when their security has been breached. 

Just as the company that's been hacked stands to lose data and resources from a hack, customers of that firm are also at risk, yet too often those that are breached either cover it up or wait a long time to let anyone know, meaning the problem is compounded.

Come clean about your security issues and everyone will feel far more accepting of them. 
Kelly Jackson Higgins
50%
50%
Kelly Jackson Higgins,
User Rank: Strategist
6/13/2014 | 7:45:29 AM
Re: hours
I know, @Brian. The report didn't drill down into types of events, so finding malware was lumped into this question from what I understand. It's the more advanced attacks that are tougher to detect (the ones that AV does not sniff out), and these numbers were more inclusive of non-advanced events as well.

 
Bprince
50%
50%
Bprince,
User Rank: Ninja
6/13/2014 | 12:32:15 AM
hours
I am surprised to even see this talked about in hours. I have seen reports talking about weeks and months. The Verizon report for example talked about something like 60 percent of breaches going undetected for months after an attack.

BP
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading December Tech Digest
Experts weigh in on the pros and cons of end-user security training.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-5395
Published: 2014-11-21
Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei HiLink E3276 and E3236 TCPU before V200R002B470D13SP00C00 and WebUI before V100R007B100D03SP01C03, E5180s-22 before 21.270.21.00.00, and E586Bs-2 before 21.322.10.00.889 allow remote attackers to hijack the authentication of users ...

CVE-2014-7137
Published: 2014-11-21
Multiple SQL injection vulnerabilities in Dolibarr ERP/CRM before 3.6.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) contactid parameter in an addcontact action, (2) ligne parameter in a swapstatut action, or (3) project_ref parameter to projet/tasks/contact.php; (4...

CVE-2014-7871
Published: 2014-11-21
SQL injection vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev36 and 7.6.x before 7.6.0-rev23 allows remote authenticated users to execute arbitrary SQL commands via a crafted jslob API call.

CVE-2014-8090
Published: 2014-11-21
The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service (CPU and memory consumption) a crafted XML document containing an empty string in an entity that is used in a large number of nes...

CVE-2014-8469
Published: 2014-11-21
Cross-site scripting (XSS) vulnerability in Guests/Boots in AdminCP in Moxi9 PHPFox before 4 Beta allows remote attackers to inject arbitrary web script or HTML via the User-Agent header.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Now that the holiday season is about to begin both online and in stores, will this be yet another season of nonstop gifting to cybercriminals?