While the security world is usually filled with cries of doom and gloom, there may be a glimmer of hope on the horizon for companies of all sizes.
In its 2017 Trustwave Global Security Report, based on hundreds of real-world breach investigations across 17 countries, Trustwave found that the median time from the first intrusion to detection of a network compromise has decreased – from 80.5 days in 2015 to just 49 days in 2016. In one year, the amount of time it took to detect a compromise was cut in half.
This signifies a substantial shift in the way organizations protect their networks, which is a welcome change given that the longer a data compromise lasts, the more harm the attacker can do and the costlier the breach becomes. In many cases, breaches are not discovered until well after the damage has been done, costing businesses money and customers, and bringing hidden costs such as major reputational damage.
With such high stakes, and with high-profile breaches like WannaCry and Petya making headlines, it's no wonder that businesses are prioritizing detecting, containing and remediating threats.
In-House vs. Third Party Detection
When victims can detect compromises internally, or with the help of a managed security service provider (MSSP), they generally do so quickly. The median time between intrusion and detection was just 16 days for internally detected incidents. On the flip side, in cases where victims did not learn of the breach until regulatory bodies, law enforcement or other third parties notified them, the duration was much longer, with a median of about 65 days.
The report also showed that once an intrusion was detected, victim organizations that discovered the compromise internally were much quicker to jump into action than those whose compromise was detected externally. In fact, in cases where containment occurred after internal detection, the median duration between the milestones was just two days, compared to 22 days for externally detected breaches.
This disparity is due in part to the tools and techniques available to businesses that are monitoring their security internally, or working with a provider that is keeping a close watch. Perhaps this is why 83 percent of IT and security professionals surveyed in a recent Trustwave study said they plan to or already partner with an MSSP.
Lightening the Vulnerability Impact
Data compromises of varying degrees of severity can hit any organization at any time. An increasingly popular mindset in cybersecurity is to assume that attackers will eventually breach your defenses, and so it's more important to concentrate on quickly identifying intruders and limiting the damage they can do. As we've seen with many high-profile breaches, these campaigns can run for extended periods of time and do a significant amount of damage to a company's reputation and bottom line. However, the cost and effort of securing a network against a data compromise pales in comparison to the cost and effort of cleaning up after a breach, as the Ponemon Institute lists the average cost of a data breach this year at $3.62 million. While this is a heavy price to pay, there are a number of steps companies can take to protect themselves against cyber criminals.
In addition to implementing policy and procedures and training employees on information security best practices, businesses must also invest in other solutions that can help them protect sensitive data and prevent attacks. This includes setting up remote-access solutions and strict firewall and system configurations, while also following password guidelines and practicing reactive procedures like malware removal and patch management. Businesses can also look to proactive approaches to security such as regular penetration testing or the more advanced threat hunting tactics to help keep their network safe from intruders.
This data highlights a big step forward for businesses and security providers alike, but there is still work to be done as the threat of security breaches continues to rise. Assuming that your company has already been breached, or will be breached in the near future, is a productive outlook to take, as it encourages proactive thinking. As an industry, it's imperative to continue this focus on key areas like threat detection and response, security scanning and testing, and cloud security services that provide meaningful layers of protection from constantly evolving threats.