Reduce Data Breach Damage by Improving Detection and Response


Analysis

Once the security team spots a breach, according to a report from Meritalk, analyzing it takes an estimated 50 to 90 hours. While this may seem like a short time in comparison to the detection stage, malware can alert attackers to security team activity and allow them to cover their tracks, create back doors or employ new tactics to stay inside a network. If the attacker can switch identities or create multiple accounts, the security team may not be able to piece together the entire list of hosts touched by the attacker. 

Tip: It's not enough to look for alerts related to certain users. Teams must also be able to piece together when hackers jump from machine to machine and when they create back doors and new credentials. Without these detection methods, the hacker's trail can go cold.
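The tip above, as an added example that is not part of the original slideshow: a time-ordered pass over constructed log events that follows an alerted account through account creation and identity switches, compared with a search on the alerted user alone. The event schema, field names, host names and account names are all assumptions made for illustration.

```python
# Constructed sample events; the schema and every name here are illustrative.
EVENTS = [
    {"t": 0, "type": "logon", "user": "dbadmin", "src": "ws-030", "dst": "db-02"},
    {"t": 1, "type": "logon", "user": "jsmith", "src": "ws-014", "dst": "file-01"},
    {"t": 2, "type": "logon", "user": "mlee", "src": "ws-022", "dst": "file-01"},
    {"t": 3, "type": "account_created", "actor": "jsmith",
     "new_user": "svc_backup2", "host": "file-01"},
    {"t": 4, "type": "logon", "user": "svc_backup2", "src": "file-01", "dst": "db-02"},
    {"t": 5, "type": "switch_user", "from_user": "svc_backup2",
     "to_user": "dbadmin", "host": "db-02"},
    {"t": 6, "type": "logon", "user": "dbadmin", "src": "db-02", "dst": "hr-app-01"},
    {"t": 7, "type": "logon", "user": "mlee", "src": "ws-022", "dst": "mail-01"},
]


def hosts_for_user_only(events, user):
    """Naive view: hosts seen in logons by the alerted user alone."""
    hosts = set()
    for ev in events:
        if ev["type"] == "logon" and ev["user"] == user:
            hosts.update((ev["src"], ev["dst"]))
    return hosts


def trace_activity(events, alerted_user):
    """Follow the alerted account across new and switched identities.

    An account is only followed from the moment an event links it to an
    already-linked account, so its earlier activity is not pulled in.
    Returns (linked accounts, hosts touched, timestamps of linked events).
    """
    accounts, hosts, timeline = {alerted_user}, set(), []
    for ev in sorted(events, key=lambda e: e["t"]):
        kind = ev["type"]
        if kind == "logon" and ev["user"] in accounts:
            hosts.update((ev["src"], ev["dst"]))
        elif kind == "account_created" and ev["actor"] in accounts:
            accounts.add(ev["new_user"])
            hosts.add(ev["host"])
        elif kind == "switch_user" and ev["from_user"] in accounts:
            accounts.add(ev["to_user"])
            hosts.add(ev["host"])
        else:
            continue  # event not linked to the activity being traced
        timeline.append(ev["t"])
    return accounts, hosts, timeline
```

On this sample the user-only search stops at two hosts, while the linked trace reaches the database and HR application hosts through the created and switched accounts.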

Why should business leaders care how much time it takes to detect a breach? It's a common misconception that a breach is a breach – whether you spot it on day one or weeks later. In actuality, the time it takes to detect a breach directly correlates to the damage done and the cost to your organization. In June 2015, the Ponemon Institute released its annual cost of a data breach study and for the first time pointed out the direct relationship between the time it takes to detect a breach and the cost of the data breach itself.

When it comes to the damage done, look no further than the Office of Personnel Management (OPM) data breach as an example. The breach, which wasn't discovered for more than a year, led to waves of identity theft and numerous counts of identity switching by hackers, making them harder to find once the breach was discovered.

According to Exabeam, as an industry, our focus needs to shift from prevention to detection and response acceleration; there is no band-aid solution for keeping hackers out. The new age of security technology will focus on solutions that speed up, automate and ideally combine phases of the typical security process. By learning how hackers manipulate networks throughout phases of a breach, organizations can make the shift to a better security process.

 
