Most orgs couldn't quickly detect breach, study
Study finds most firms can't quickly detect breaches in real time.
A recent survey found that only 21 percent of 209 respondents from an Osterman Research panel said they were able to “almost immediately” detect a breach while 34 percent said they could detect a breach within a day.
The remaining respondents reported they would need more time or had no idea how long it would take them to detect a breach, according to the results of the survey found in the DB Networks "Identifying Critical Gaps in Database Security" white paper.
Other findings suggested that the organizations, all of which have more than 300 employees, don't have the proper monitoring tools, with 39 percent saying they lacked the necessary tools to identify a database breach resulting from compromised or abused credentials.
Only 19 percent of organizations had what they considered “excellent” visibility into their data, although 63 percent had what they considered “good” visibility.
DB Networks' Vice President of Marketing Michael Sabo told SCMagazine.com that those findings are related.
“If you don't have real-time monitoring to see [breaches] and stop [them], they can drain an entire database in less than a day,” Sabo said.
He said many organizations have focused most of their resources on perimeter security and often don't consider the possibility of what happens once an attacker bypasses these defenses.
Sabo said as firewalls improve, hackers find ways to bypass even the most sophisticated defenses with obfuscation and even phishing attacks.
“As more and more companies see defenses aren't keeping up with modern attacks, emphasis will change,” Sabo said.
Companies should never get too confident in their abilities to detect breaches, Network Box USA Chief Technology Officer (CTO) Pierluigi Stella told SCMagazine.com via email correspondence.
“If the hackers are stealthy and not cocky, a small, slow leak of data from a database may, on the surface, appear to be a simple query, and finding out the data is actually being stolen will be hard,” Stella said.
It's important, he added, to ensure that databases are encrypted so that stolen data is more difficult for an attacker to use.
The study also found that 47 percent of enterprises don't have an assigned team or individual responsible for database security. Researchers predicted the emphasis placed on database security will increase 14 percent in the next year while emphasis on perimeter security will increase seven percent in the next year, according to the report.
Osterman Research President Michael Osterman told SCMagazine.com that the increased focus on database security is being driven by the large number of data breaches that have hit companies recently.
“People very proactively tend to throw lots of money at problems after they occur,” Osterman said.
Intellectually, people understand the need for proactive spending but often find themselves not investing in threats that have yet to happen in order to spend on preventing threats that have already happened, he explained, noting that the industry is moving toward being more proactive but it's happening more slowly than it should.
Trend Micro Vice President of Cloud Research Mark Nunnikhoven told SCMagazine.com via emailed comments that the study “is interesting because of the gap it shows between the perception and reality for most organizations' database security.”
Nunnikhoven pointed to findings that 82 percent of organizations feel they have good or excellent visibility into their data and databases even though 80 percent said they don't monitor the activity in those databases “more or less continuously.”
That doesn't add up, he said, because “cybercriminals have shifted from trying to ‘own’ computing assets to stealing data” and an organization's databases, which hold its most valuable digital assets, are sorely lacking in security.