Survey Finds Most Firms Would Take Hours to Detect Breach
An article review.
You have to detect the breach first
Many companies have plans for when a breach occurs. After all, there is no such thing as 100% security. As Dan Hadaway will highlight in his upcoming “Turning Lemons into Lemonade with Incident Response” webinar on April 2nd, it’s only a matter of time before you take your turn at the breach wheel. According to a recent study funded by Proofpoint, Inc., 68% of the firms surveyed stated that they were prepared for a breach.
The response statistics were not the alarming part though. Out of the 225 entities surveyed, here’s how fast they said they could detect a breach:
- 4% within seconds
- 20% within minutes
- 37% within hours
- 21% within days
- 17% weeks or longer
Here at infotex, we think this extended detection time is unacceptable. We recommend having a second layer of malware defense, segregated 24×7 monitoring of your network, and a team who is consistently thinking about ways to improve your incident response program. This is definitely the solution to this problem.
We also want our MSSP Clients to know that our average response time on negative incidents (not including IPS, which is milliseconds) is around 15 minutes . . . meaning that if the breach is discoverable in network traffic or event logs, this article would NOT apply to you!
The above is what we call an “Article Review.” It is part of our attempt to help our readers find excellent reading materials to back up important technology risk management concepts. We try not to include articles that are merely news or additional news about mainstream issues. Instead, we try to highlight articles that our “typical clients” should be sure to read, or that are about concepts “outside the mainstream media.” infotex does not intend to endorse views represented by the writers of the articles we review, nor do we try to keep our Clients aware of EVERYTHING. For example, if a particular story concept is being reported upon in many different media sources, infotex usually chooses to ignore the story concept altogether, unless we can find a “unique take” on the story concept.