Does Anybody Care What Time It Is? Threat Latency
I sometimes wonder if we have become inured to security breaches; they are becoming so commonplace. For large corporations, the millions spent on remediation appear to be only a drop in the bucket, and we have all seen that some of their ‘ethics’ are, at times, questionable. That is a dissertation in itself. But we won’t go there today – we’ll look at just the facts.
Ponemon Institute, the guru on security reports, found that the cost of a data breach could be reduced significantly by shortening incident response time to mere minutes or even seconds. Of course, this requires powerful security and risk mitigation applications. What is needed are tools that provide full thread-level visibility into everything that has happened on endpoints, so that incidents can be easily investigated back to the root cause, the damage assessed, and a response made to any threat remotely.
There is a clear incentive to improve detection and response capabilities. Evidence shows that short dwell times can mitigate damage and effectively reduce remediation costs. Ponemon Institute’s 2016 Cost of Data Breach Study, sponsored by IBM Security, demonstrates a link between the cost of a breach and the dwell time. Findings show that above a key 100-day marker, data breach costs increased by about 72 percent. By resolving issues quickly, companies keep things out of the press, and by cutting off access early, they can significantly limit the number of records compromised and the amount of sensitive data stolen.
Even if we assume that some companies still take a laissez-faire approach to data breaches, this is a staggering amount of risk that is not managed and, in many cases, not even recognized. The McAfee Grand Theft Data Report found that in 68 percent of data breach incidents, the data exfiltrated from the network was serious enough to require public disclosure or have a negative financial impact on companies. The same was true for 70 percent of incidents in smaller commercial organizations, and for 61 percent of breaches in enterprises.
“Most security studies and statistics focus on infiltration: how attackers are getting past security defenses and into the network,” explains the report. “That part of the attack is more visible, compromising machines and triggering events and alarms in the security operations center. Until now, there has been very little information available on the less visible act of data exfiltration: how attackers are removing data. Whether you see it or not, data exfiltration is a real risk for most organizations.”
Consistent with previous studies, privacy and confidentiality of customer and employee data were the biggest concern, and poor security practices the biggest challenge in the face of increasingly sophisticated attacks. Interestingly, personal information from customers and employees was the number one target, at 62 percent, as the value of private personal data surpasses even that of credit cards.
Key to fighting the battle are robust data discovery and classification tools that work in real time, even as adjuncts to security and risk mitigation software. For most solutions, real time is out of reach. They are typically limited to entity extraction and cannot handle free-form phrases that represent sensitive or confidential information, so organizations are restricted to what they can put in regular expressions.
Digital security company Gemalto recently released the results of a global study that revealed that 65 percent of organizations are unable to analyze all the data they collect, and only 54 percent of companies know where all their sensitive data is stored. Compounding this uncertainty, 68 percent of organizations admit they do not carry out all procedures in line with data protection laws, such as the General Data Protection Regulation (GDPR).
Have you taken your data security to the next level? Are you worried about bad actors hanging around your systems just waiting to attack? I would be interested in your answers.