Data security is an arms race. Attackers constantly develop more sophisticated attacks and implement them more quickly. The targets of these attacks must continually evolve. It’s not enough to have the right security measures; companies need to make sure they are protecting the right things. Today’s sophisticated attackers look for every vulnerability and will exploit the one opening they find. Additionally, the speed (frequency) of today’s attacks provides little to no recovery time or break between attacks.
The 2013 Data Breach Investigations Report (DBIR) illustrates this rise in both the speed and sophistication of attacks, as well as the challenges organizations face in identifying and combating those attacks.
Increasingly, organizations have only minutes to detect and address security breaches. In fact, 84 percent of intrusions took mere minutes for attackers to execute. Frequently, attackers scanned a company’s systems to identify vulnerabilities that were easy to exploit and then moved quickly once these were identified.
The good news for these potential victims is that not all attackers move quickly to access or steal sensitive data. In 28 percent of cases studied as part of the DBIR, it took attackers weeks to find and extract valuable data. This provides an opportunity for organizations that are able to detect and address attacks quickly. However, few organizations were able to react quickly enough. The DBIR reported that 66 percent of breaches went undetected for months.
This is a problem, but it also presents an opportunity.
Businesses that invest in rapid-response security services are able to take advantage of that “golden hour” after a breach to stop attackers before they are able to access sensitive data. Similarly, monitoring traffic and event logs as part of a regular process can detect the often subtle changes in network activity, identifying attackers as they are looking for those easy-to-exploit vulnerabilities. The key is having skilled security experts watching the network before an incident occurs so that they can move quickly once trouble arises.
A comprehensive security program is increasingly important because of the growing sophistication of attacks. Attackers are using a variety of attacks to gain access to their targets. Nineteen percent of breaches studied for the DBIR combined phishing, malware, hacking and entrenchment – an approach that has proven to be very successful. Moreover, companies often overrate their level of security and do not really know how to distinguish real from perceived threats. They deploy security solutions randomly – or worse, based on inaccurate information – and leave vulnerabilities that are easy for attackers to exploit. In fact, 78 percent of attacks took little or no special skills or resources. Attackers know companies are scared and they are using that panic against them.
Addressing these threats requires a sophisticated, evidence-based and strategic approach. It begins with understanding the nature of a company’s data, identifying which is most valuable and would cause the greatest damage (to the bottom line or a company’s reputation) if exploited. The next step is addressing vulnerabilities associated with that data and creating processes specifically designed to keep that data safe. Once this is done, companies are able to “right size” their security services – increasing security around the most critical data and greatest potential vulnerabilities and dialing back in areas that pose little inherent risk or potential damage.
Each year cyber threats increase. So each year companies must improve their security measures to address this new level of danger. Companies must listen to the experts and focus on the most vulnerable data and greatest threats. This will help reduce the chance of a breach. However, should an intrusion attempt succeed, reacting quickly to address it is the best action to mitigate the damage.