Breach Detection Times Have Not Improved

Writer Emily W.
June 16, 2016

Emily serves as the Director of Analysis at Terbium Labs. With a background in International Relations, Emily alternates between quiet rants about Russian politics and foreign policy, while crafting blog posts about the realities of the Dark Web (hint: red rooms aren't real).

Yesterday, Ponemon released the 2016 Cost of Data Breach Global Report. The numbers are in, and unfortunately breach detection times are still extraordinarily long.


According to the report, the time to identify attacks from malicious and criminal sources (which make up 48% of the attacks reviewed) was a full 229 days. Breaches from human error and system glitches still crossed the five-month threshold, at an average of 162 days and 189 days respectively. Unfortunately for these organizations, those are just the averages. Ponemon reports a range spanning 20 to 569 days in their survey, meaning the fastest detection took nearly a full month, and the longest took just shy of two years.

Organizations do not have that time to spare.

They need immediate notification in the event that their information appears online. Once a breach is identified, companies must still contain the security threat, assess the damage, and begin the remediation process, all while attempting to maintain their customer base - something that’s hard to do when you’re two years late on noticing a breach (assuming you ever even notice it in the first place).

The longer a breach goes undetected, the greater the risk to the organization. As we’ve seen recently, Russian criminals had access to the Democratic National Committee’s systems for over a year before the DNC noticed an issue. As with other extended access breaches, criminals have the opportunity to monitor, explore, and learn about a system, putting them in a position to release not only the original data itself, but also truncated or manipulated versions of the data, with no one the wiser. Criminals also gain insight into sensitive information about third parties in the process. It takes little effort to expand the original breach into an opportunity to exploit vulnerabilities among an organization’s partners, clients, or contractors, exponentially increasing the breach footprint.

Organizations must be in a position to quickly identify the exposure of their data - and confirm its authenticity - in the event of a breach. At Terbium Labs, we help them do just that.
