An alarming new report has surfaced from researchers at U.S. telecommunications company Verizon, indicating that while an attack might take place in mere seconds, the discovery of a data breach can take weeks and even months.
The report was compiled through thorough analysis of 41,686 ‘security incidents’, of which 2,013 were confirmed data breaches from 73 separate data sources where a third party was able to access the data lurking inside an organisation’s network. It took account of data from both public and private entities across 86 countries, making it one of the most wide-ranging and accurate depictions of the state of data protection in recent months.
“No matter what defensive measures security professionals put in place, attackers are able to circumvent them.”
While on average an attack takes a matter of minutes to launch, the report found that the response time in discovering these attacks was severely lacking. More than 56% of successful breaches identified - of the 2,013 outlined in the report - took months, and in some cases even longer, to discover.
It went on to explain that while the loss of something physical like a stolen laptop will, on average, be discovered quite quickly, the compromise of sensitive data like credit cards can typically take weeks and even months to be identified.
In terms of who was hacked, it seems as though third-party hackers don’t discriminate. 43% of breaches impacted a small business; a near 50/50 split between large and small businesses.
52% of breaches featured some form of hacking, such as a phishing attack and subsequent use of stolen credentials to access a private network. Other methods, like the use of backdoors and malware to access a network, were also used successfully.
“These tactics have historically been common facets of data breaches and based on our data, there is still much success to be had there,” the report said.
According to the report, where measurable, financial gain is the most common driver behind breaches, accounting for 71% of reported cases. Interestingly enough, 25% of breaches constituted some form of espionage.
“No organization is too large or too small to fall victim to a data breach. Regardless of the type or amount of your organization’s data, there is someone out there who is trying to steal it. Having a sound understanding of the threats you and your peer organizations face, how they have evolved over time, and which tactics are most likely to be utilized can prepare you to manage these risks more effectively and efficiently.”
“There is little that financial organizations can do to ensure that their customers are running up-to-date malware defenses or make them ‘phish-proof’, but spreading a little security awareness their way can’t hurt.”
As Elizabeth Blosfield of Insurance Journal notes, “businesses susceptible to a data breach should do all they can to not only protect data that is likely to be targeted, but also develop a plan to recognize and respond to a breach in a timely manner.”
ISO 27001 is one of the most effective tools in minimising the risk of a data breach, and mitigating the worst of the financial - even legal - pain in the aftermath of a data breach. Find out how you can better protect your data, and the data of your key stakeholders, by getting ISO 27001-certified; click here for your free ISO 27001 gap analysis checklist.