Yesterday, Ponemon released the 2016 Cost of Data Breach Global Report. The numbers are in, and unfortunately breach detection times are still extraordinarily long.
According to the report, the time to identify attacks from malicious and criminal sources (which make up 48% of the attacks reviewed) was a full 229 days. Breaches from human error and system glitches still crossed the five-month threshold, at an average of 162 days and 189 days respectively. Unfortunately for these organizations, those are just the averages. Ponemon reports a range spanning 20 to 569 days in their survey, meaning the fastest detection took nearly a full month, and the longest took just shy of two years.
Organizations do not have that time to spare.
They need immediate notification in the event that their information appears online. Once a breach is identified, companies must still contain the security threat, assess the damage, and begin the remediation process, all while attempting to maintain their customer base – something that’s hard to do when you’re two years late on noticing a breach (assuming you ever even notice it in the first place).
The longer a breach goes undetected, the greater the risk to the organization. As we’ve seen recently, Russian criminals had access to the Democratic National Committee’s systems for over a year before the DNC noticed an issue. As with other extended-access breaches, criminals have the opportunity to monitor, explore, and learn about a system, putting them in a position to release not only the original data itself, but also truncated or manipulated versions of the data, with no one the wiser. Criminals also gain insight into sensitive information about third parties in the process. It takes little effort to expand the original breach into an opportunity to exploit vulnerabilities among an organization’s partners, clients, or contractors, exponentially increasing the breach footprint.
Organizations must be in a position to quickly identify the exposure of their data – and confirm its authenticity – in the event of a breach. At Terbium Labs, we help them do just that.