Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

6/20/2017
05:17 PM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
100%
0%

Organizations Are Detecting Intrusions More Quickly

But almost every other metric in Trustwave's 2017 global cybersecurity report card is headed in the wrong direction.

More organizations appear to be heeding the advice to implement capabilities for detecting intrusions sooner, at least based on an analysis of data from breach investigations that security vendor Trustwave conducted for clients last year.

Trustwave's analysis showed that the median number of days from an intrusion to initial detection of the compromise fell sharply from 80.5 days in 2015 to 49 days in 2016. In other words, out of all organizations for which Trustwave conducted a breach investigation last year, half discovered the breach in 49 days or less, while half took longer.

The overall range was zero to 2,000 days, meaning at least one breached organization discovered the intrusion in less than one day, while at least one took more than five years.

The news was even better for internally detected data breaches. For organizations that detected an intrusion on their own, the median was 16 days, compared to 65 days for breaches that were externally detected. Once a breach was detected, the median duration of the time to containment was 153 days.

The numbers are welcome news in an industry where most statistics, especially those that are breach-related, tend only to go upwards most of the time.

"Security is starting to take a front seat to important buying decisions," says Brian Hussey, Trustwave's vice president of cyber threat detection and response. "Organizations are tired of being hit with costly clean-up following a security breach and recognize the immediate and long term value in always-on visibility and detection," he says.

Gartner recently reported the same trend. According to the analyst firm, detection and response technologies has become a top spending priority for organizations. Gartner expects it will remain that way through at least 2020 as organizations finally begin to shift away from prevention-only security strategies.

The trend does not mean that enterprises are abandoning prevention technologies completely. But it does send the message that "prevention is futile unless it is tied into a detection and response capability," Gartner analyst Sid Deshpande wrote.

Somewhat predictably though, the rest of the news in Trustwave's report was less encouraging. A stunning 99.7% of web applications that Trustwave's scanning services tested last year had at least one vulnerability. A majority had a lot more with the average detected being 11 vulnerabilities per application. The universe of vulnerable applications included banking apps, financial apps, games, productivity apps, and corporate applications.

Black Hat USA returns to the fabulous Mandalay Bay in Las Vegas, Nevada, July 22-27, 2017. Click for information on the conference schedule and to register.

The most significant findings in Trustwave's report, says Hussey, related to the number of zero-day vulnerabilities exploited in the wild targeted at Adobe Flash Player, Microsoft Silverlight, and Internet Explorer.

"For opportunistic cybercriminals, vulnerabilities in code - particularly content management systems - represent an express lane to a reward destination," he says. Even a single exploitable vulnerability in a popular CMS can give attackers a way to steal user data or host exploits on potentially thousands of web servers, he says.

Application vulnerabilities were not the only bit of bad news in the Trustwave report. The company's analysis showed a massive 54% jump in spam email in 2016 compared to the year before. Spam emails accounted for as many as six in 10 of all inbound email. Thirty-five percent of spam email contained malware, an increase of 3% over 2015.

There were similar increases on other fronts as well. Incidents involving Point of Sale (POS) systems, particularly in North America, increased from 22% in 2015 to 31% last year. More than 50% of the attacks that Trustwave investigated targeted payment card data on POS systems.

Even so, corporate and internal business networks continued to be the most breached environments in 2016, accounting for more than 4 in 10 of all breaches that Trustwave investigated.

Related content:

 

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/21/2020
Hacking Yourself: Marie Moe and Pacemaker Security
Gary McGraw Ph.D., Co-founder Berryville Institute of Machine Learning,  9/21/2020
Startup Aims to Map and Track All the IT and Security Things
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/22/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-4719
PUBLISHED: 2020-09-24
The client API authentication mechanism in Pexip Infinity before 10 allows remote attackers to gain privileges via a crafted request.
CVE-2020-15604
PUBLISHED: 2020-09-24
An incomplete SSL server certification validation vulnerability in the Trend Micro Security 2019 (v15) consumer family of products could allow an attacker to combine this vulnerability with another attack to trick an affected client into downloading a malicious update instead of the expected one. CW...
CVE-2020-24560
PUBLISHED: 2020-09-24
An incomplete SSL server certification validation vulnerability in the Trend Micro Security 2019 (v15) consumer family of products could allow an attacker to combine this vulnerability with another attack to trick an affected client into downloading a malicious update instead of the expected one. CW...
CVE-2020-25596
PUBLISHED: 2020-09-23
An issue was discovered in Xen through 4.14.x. x86 PV guest kernels can experience denial of service via SYSENTER. The SYSENTER instruction leaves various state sanitization activities to software. One of Xen's sanitization paths injects a #GP fault, and incorrectly delivers it twice to the guest. T...
CVE-2020-25597
PUBLISHED: 2020-09-23
An issue was discovered in Xen through 4.14.x. There is mishandling of the constraint that once-valid event channels may not turn invalid. Logic in the handling of event channel operations in Xen assumes that an event channel, once valid, will not become invalid over the life time of a guest. Howeve...