Attacks/Breaches

6/21/2016
10:00 AM
Connect Directly
Twitter
Twitter
RSS
E-Mail
50%
50%

7 Need-To-Know Attack Stats

Facts & figures about average dwell times, incident response speeds, and which direction the 'detection deficit' is heading.
Previous
1 of 7
Next


Image Source: Adobe Stock

Image Source: Adobe Stock

In information security and incident response, time is of the essence. The longer it takes to discover and remediate breaches, the more time attackers have to slowly bleed an organization of valuable information, set up persistence on the network, and otherwise wreak havoc without worry of repercussion.

Numerous security research and consultancies have established benchmarks for the average amount of time it takes to discover that attackers are operating within an infrastructure. The numbers vary from bad to worse. Take a look as Dark Reading explores some of the estimates, along with a few facts and figures about how costly long dwell times can be for organizations.

 

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.  View Full Bio

Previous
1 of 7
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
alphaa10
50%
50%
alphaa10,
User Rank: Strategist
6/27/2016 | 11:35:57 PM
Wrong Direction
As if matters were not dire enough with an explosion in sophisticated, effective hacker tools, every criminal element which can capture a programmer or buy the software expects to rake in unprecedented profit.

Are corporate chiefs still asleep, trusting in the old IDS model for security? From all appearances, they are, indeed, and it will take millions more in losses before they awaken to the threat.

Poor training, coupled with antiquated threat indentification methods, understaffed IT sections, merger-speed corporate expansion, and profound ignorance of the threat conspire to make "corporate security" (almost) an oxymoron.

For Dark Readers, these are the dark ages of network security.

 

 
kbannan100
50%
50%
kbannan100,
User Rank: Apprentice
6/22/2016 | 10:49:33 AM
Re: The million dollar mark
"...the time from attack to compromise and attack to exfiltration is rarely longer than a few days."

Which means you have to be doubly vigilant when it comes to protecting everything -- endpoints such as printers and mobile devices, wireless connections, everything! And people are not doing that. Here's a portion of a white paper I have open on my desktop: 

"Many do not realize that embedded devices such as printers and industrial controllers can be the source or initial access point for a network breach. In fact, one of the largest identity theft cases in 2014 involved Target's POS systems and leveraged weaknesses within the building's HVAC systems to gain a foothold within Target's internal network." 

Crazy! The white paper can be found here, BTW: bit.ly/1sq1kyG

--Karen Bannan, commenting for IDG and HP
Charlie Babcock
100%
0%
Charlie Babcock,
User Rank: Ninja
6/21/2016 | 6:10:13 PM
The million dollar mark
Slide 4: Find a breach in its first 100 days, save a million dollars. Whew. What a statistic.
6 Security Trends for 2018/2019
Curtis Franklin Jr., Senior Editor at Dark Reading,  10/15/2018
6 Reasons Why Employees Violate Security Policies
Ericka Chickowski, Contributing Writer, Dark Reading,  10/16/2018
Getting Up to Speed with "Always-On SSL"
Tim Callan, Senior Fellow, Comodo CA,  10/18/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Latest Comment: Too funny!
Current Issue
Flash Poll
The Risk Management Struggle
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-10839
PUBLISHED: 2018-10-16
Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS.
CVE-2018-13399
PUBLISHED: 2018-10-16
The Microsoft Windows Installer for Atlassian Fisheye and Crucible before version 4.6.1 allows local attackers to escalate privileges because of weak permissions on the installation directory.
CVE-2018-18381
PUBLISHED: 2018-10-16
Z-BlogPHP 1.5.2.1935 (Zero) has a stored XSS Vulnerability in zb_system/function/c_system_admin.php via the Content-Type header during the uploading of image attachments.
CVE-2018-18382
PUBLISHED: 2018-10-16
Advanced HRM 1.6 allows Remote Code Execution via PHP code in a .php file to the user/update-user-avatar URI, which can be accessed through an "Update Profile" "Change Picture" (aka user/edit-profile) action.
CVE-2018-18374
PUBLISHED: 2018-10-16
XSS exists in the MetInfo 6.1.2 admin/index.php page via the anyid parameter.