So if one is to believe the numbers, it appears that there may be a gap, or growing overconfidence, in almost all industries between the perceived ability of IT and the reality of life today.
Breaches pose a significant threat to every organization. A report released by Mandiant, M-Trends 2015, revealed that the average time required to detect an advanced persistent threat on a corporate network is 205 days. Similarly, in its 2015 Data Breach Investigations Report, Verizon reported that two-thirds of targeted attacks generally take months to detect.
Attackers’ persistence on a target’s network isn’t an exception, or aberration; it’s the reality.
The time it takes for security personnel to detect a breach after it has occurred indicates a clear gap between occurrence and discovery. Still, most IT professionals say they are very confident in their ability to detect a security incident quickly. Why? Hmmm... Maybe they are just a bit too confident.
In its 2016 Retail Security Survey, Tripwire, a provider of endpoint detection and security solutions, polled over 200 IT professionals in the retail sector. Tripwire found that the number of data breaches in which attackers stole or accessed personally identifiable information (PII) has doubled since 2014. Only 14 percent of respondents reported having experienced a breach in a similar survey Tripwire conducted two years ago, a figure that has increased to one-third of participants this year.
A rise in the number of incidents has not shaken IT professionals’ confidence, either. Nearly all (95 percent) of respondents said their organization could detect a breach within a month or less, as compared to 78 percent back in 2014. That is in spite of the fact that nearly half (48 percent) of all respondents said their breach detection products are only partially integrated.
A survey of over 400 energy executives and IT professionals last summer found at least half of respondents were assured they could spot a breach in less than 24 hours. That level of overconfidence has not changed in recent months, as revealed by a February 2016 study of 763 IT personnel.
“Partially implemented tools are a serious liability for information security,” said Tim Erlin, director of IT security and risk strategy for Tripwire. “Organizations need to move from a checkbox approach to measuring their gaps in coverage. If you’re not monitoring 100 percent of your endpoints, you’re leaving room for attackers to gain a foothold.”
How confident are you?
Based on an article in The State of Security, by Eva Hanscom in the Tripwire News