70% of breaches are detected by a third-party
46 percent of organizations that have suffered a data breach took more than four months to detect a problem, and more than three months to mitigate the risk. Worryingly, the survey of 1,000 IT professionals, conducted by OnePoll on behalf of LogRhythm, also revealed that 70 percent of breaches were detected by a third-party, rather than the organization itself.
Perhaps unsurprisingly, 73 percent believe their company’s data is vulnerable to being hacked, while 47 percent think their company should be doing more to improve the time it takes to detect and respond to threats.
While 59 percent of IT professionals say poor cyber security practices can have a big impact on business growth, a corresponding survey of 2,000 consumers found that many employees lack the awareness required to identify potential threats. The survey revealed that 86 percent of UK consumers do not know what spearphishing is, while 40 percent of those that have fallen victim to such a ruse have ended up sharing confidential information. Despite this, two thirds (66 percent) of employees do not receive any training on how to stay safe online at work.
“It’s clear that even though big breaches are consistently making headlines around the world, businesses are still not doing enough to protect their networks from today’s threats. Every organization today should see themselves as a target and have the necessary systems in place to identify and mitigate threats as soon as they arise – which is clearly not happening,” said Ross Brewer, vice president and managing director for international markets at LogRhythm. “While the maturity of an organization’s security can vary dependent on budgets and its own risk tolerances, today’s threat landscape is such that if a hacker wants to get in, they will, which means every single organization should seriously consider putting systems in place that will immediately alert them to suspicious activity.”
“What’s more, even the most bare-bones business needs to take greater responsibility for educating employees,” continues Brewer. “As the front-line of any business there is the very real danger that, without increased education, an employee could easily and unwittingly leave the door to sensitive information wide open.”
More positively, the survey indicated that employees are now less likely to steal data from an organization than has been seen in previous LogRhythm research. Indeed, a similar survey from LogRhythm last year found that 38 percent of organizations did not have, or did not know of, any systems in place to stop employees accessing information they shouldn’t. In this year’s research this figure fell to 29 percent.
“This is a very positive step forward and shows that organizations are waking up to the insider threat. Over the last 12 months there have been a number of high profile breaches perpetrated by employees and this may have encouraged businesses to pay closer attention to internal goings-on,” said Brewer. “Clearly we are making moves in the right direction, and next year I hope we’ll see similar improvements in the time it takes businesses to detect and respond to breaches.”