6/12/2014
08:00 PM

Report: Slow Detection, Slow Response

One-third of network security hacks are not discovered for hours, a report says.

More than one-third of data breaches aren't detected for hours, and recovering from a breach takes anywhere from days to months, a new survey says.

"The mean time to respond is the focus now," says Paul Nguyen, president of global security solutions for CSG Invotas, which sponsored the survey conducted by IDC. "We've seen a significant rise in the volume of incidents corporations have to deal with. This increasing tide has caused a gap between how much security operations can handle to be effective and how to bridge the gap and reduce response times."

The survey included security decision makers at firms with 500 or more employees. Some 61% say they are looking into ways to trim the time it takes to respond to a security event, and most say that trimming their response to a security breach or event helps protect the company's reputation and customer data.

One-fourth favor automating some security processes and already use automation tools where possible, while 57% say they are "somewhat" comfortable automating some security processes, provided security teams remain involved. Some 30% of security workflows are automated today, and two-thirds of companies say they will automate more elements in the next year.

The full survey is available for download here (registration required).

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ...

Comments
Marilyn Cohodas,
User Rank: Strategist
6/13/2014 | 3:50:47 PM
Re: Customer Relations
From a PR perspective, I hope that most companies are coming to the conclusion that they are better off getting out in front of the problem of a data breach, because it's going to come out eventually anyway. From a cybersecurity standpoint, I'm with @securityaffairs: when the effects of a data breach are discovered too late, the losses are often much greater. So a fast response is warranted on both counts.
Kelly Jackson Higgins,
User Rank: Strategist
6/13/2014 | 2:58:18 PM
Re: Customer Relations
That's a really good point, @Whoopty. The sooner customers get word, the better for their privacy and financial security AND the rep of the breached company. Not all companies see it that way, though.
securityaffairs,
User Rank: Ninja
6/13/2014 | 2:48:08 PM
Not surprised
The issue mentioned in the post is considered one of the greatest problems of threat mitigation. Slow detection is the primary cause of losses ... in many cases the effects of a data breach or of a cyber attack are discovered too late; in other cases they will never be discovered.

A layered approach to security is necessary to detect cyber threats early.

No SOPA,
User Rank: Ninja
6/13/2014 | 1:19:46 PM
Re: Customer Relations
@Whoopty

Amen to that, brother. There's nothing more frustrating than working for a company that not only won't own up out of fear of losing credibility, or more important to them, customers, but to see the same thing happen again and again. If they would only have come clean the first time, a solution might have come from other sources that actually work instead of trying to solve the problem on their own...
No SOPA,
User Rank: Ninja
6/13/2014 | 1:03:12 PM
Human vs Machine
I suspect there is a wide variety of conditions that lead to delayed response times from org to org. For instance, I believe in a DevOps-style security team, where you have security-oriented developers, hackers with experience on the systems doing real-time auditing and partial forensics on suspicious behavior, even if it isn't popping up on an alarm generated by the automated security suite; I also believe in pushing the boundaries of your own network and apps by pen-testing.

However, I suspect there is a combination of lack of resources to pull off a team like this, and finding folks with the right set of expertise to bring it all together. I'd be curious to see just how much longer delays in responding to intrusions are for companies with nothing but automated security software protecting them compared to real humans actively reviewing logs, watching/sniffing network traffic and auditing user activity. I'm guessing leaving everything up to a collection of apps has the longer intrusion response time...
Whoopty,
User Rank: Ninja
6/13/2014 | 12:10:32 PM
Customer Relations
As much as I'd like to see security teams responding to issues in a more timely manner, whether it's automated or manual, I'm more interested in seeing better customer relations, with companies owning up when their security has been breached.

Just as the company that's been hacked stands to lose data and resources from a hack, customers of that firm are also at risk, yet too often those that are breached either cover it up or wait a long time to let anyone know, meaning the problem is compounded.

Come clean about your security issues and everyone will feel far more accepting of them.
Kelly Jackson Higgins,
User Rank: Strategist
6/13/2014 | 7:45:29 AM
Re: hours
I know, @Brian. The report didn't drill down into types of events, so finding malware was lumped into this question from what I understand. It's the more advanced attacks that are tougher to detect (the ones that AV does not sniff out), and these numbers were more inclusive of non-advanced events as well.
Bprince,
User Rank: Ninja
6/13/2014 | 12:32:15 AM
hours
I am surprised to even see this talked about in hours. I have seen reports talking about weeks and months. The Verizon report for example talked about something like 60 percent of breaches going undetected for months after an attack.

BP