Breach Detection Times Have Not Improved

No animals were harmed in the making of this blog post.
Writer Emily W.
June 16, 2016

Emily serves as the VP of Research at Terbium Labs. With a background in International Relations, Emily alternates between quiet rants about Russian politics and foreign policy, while crafting blog posts about the realities of the Dark Web (hint: red rooms aren't real).

Yesterday, Ponemon released the 2016 Cost of Data Breach Global Report. The numbers are in, and unfortunately breach detection times are still extraordinarily long.

According to the report, the time to identify attacks from malicious and criminal sources (which make up 48% of the attacks reviewed) was a full 229 days. Breaches from human error and system glitches still crossed the five-month threshold, at an average of 162 days and 189 days respectively. Unfortunately for these organizations, those are just the averages. Ponemon reports a range spanning 20 to 569 days in their survey, meaning the fastest detection took nearly a full month, and the longest took just shy of two years.

Organizations do not have that time to spare.

They need immediate notification in the event that their information appears online. Once a breach is identified, companies must still contain the security threat, assess the damage, and begin the remediation process, all while attempting to maintain their customer base - something that’s hard to do when you’re two years late on noticing a breach (assuming you ever even notice it in the first place).

The longer a breach goes undetected, the greater the risk to the organization. As we’ve seen recently, Russian criminals had access to the Democratic National Committee’s systems for over a year before the DNC noticed an issue. As with other extended-access breaches, criminals have the opportunity to monitor, explore, and learn about a system, putting them in a position to release not only the original data itself, but also truncated or manipulated versions of the data, with no one the wiser. Criminals also gain insight into sensitive information about third parties in the process. It takes little effort to expand the original breach into an opportunity to exploit vulnerabilities among an organization’s partners, clients, or contractors, exponentially increasing the breach footprint.

Organizations must be in a position to quickly identify the exposure of their data - and confirm its authenticity - in the event of a breach. At Terbium Labs, we help them do just that.
