Why are we so Slow to Detect Data Breaches?
I like this quote:
{“The longer it takes to respond, the more firmly rooted the attacker will become, and more difficult and costly it will be to find and remove all of their implants,” says James Phillippe, leader of threat and vulnerability services for the U.S. at Ernst & Young. “More importantly, the longer it takes, the more likely an attacker is to find and exfiltrate the organization’s ‘secret sauce.’”}
The article goes on to say that the Ponemon Institute and the Verizon Data Breach Investigations Report indicate it can take months, even years, to discover a breach. On average it takes 3 months to find the breach and 4 months to resolve it.
So it can be 7 months (210 days) before it is resolved. The problem lies in technical staff and sensor placement; a mistake in either can prolong the problem.
Target was the poster child for missing the alert that was there.
This is the Target chairman's response to a query about the breach:
{“Target was certified as meeting the standard for the payment card industry (PCI) in September 2013. Nonetheless, we suffered a data breach. As a result, we are conducting an end-to-end review of our people, processes and technology to understand our opportunities to improve data security and are committed to learning from this experience. <more legalese here>”}
As I discussed yesterday, the end result is that Target is not affected by this breach in a significant manner.
And since about a third of American consumers were affected by the Target breach, everyone seems more blasé about it.
Target had a security department and had FireEye, one of the top security outsourcing companies. Why did the breach still occur? Inattention to detail and overworked security staff is my guess.
The critical detail is actually doing something about the alerts.
Otherwise the hacker will be in your network for months, copying all data that is even remotely useful, and then, if he feels like it (as in the Sony case), will delete the data and make life hell for the company's employees.
The hacker is driven by profit and politics these days. So only if you are sure that nobody in the world is interested in using your computers and data can you afford to just let the hackers check your machines out.
Unfortunately the hackers will eventually sell your computer as a zombie computer to other hackers.
Zombie computers are controlled by another computer (the hacker's master system).
When your computer is sold to a ransomware hacker you will lose all your data; hopefully you have a good backup, since there is no guarantee that the money you pay the criminal will fix the problem.
ZoneAlarm has an article on zombie computers: http://www.zonealarm.com/blog/2014/05/8-signs-your-pc-might-be-a-zombie/
So back to data breach timing: we need our security personnel to be better trained (we can help with this through Certified Ethical Hacker mentoring).
We need IPS (Intrusion Prevention Systems) and IDS (Intrusion Detection Systems) http://oversitesentry.com/more-sophisticated-attacks-we-must-up-cybersecurity/ and even an IP blocking system like Polliwall.
But not just the systems: the personnel have to be capable of handling the volume of log data and alerts that come out of your sophisticated IT devices.
Ideally an alert gets created when a security event happens, but then somebody must do something about it.
The bottom line is testing: companies must test their processes and personnel to make sure they are doing their job. The reason is that we do not need another Target type of hack.
Testing the IT security department is a good idea.
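The point above, that an alert is only worth anything if somebody acts on it within a reasonable time, can be checked mechanically rather than left to hope. The following Python script is an added example written for this post; it is not code from the original post and not any vendor's tool. It parses a handful of constructed IDS-style alert lines, collapses repeated firings of the same signature from the same source into one case (so an analyst sees three cases instead of five raw alerts), and then lists every case that nobody acknowledged within a per-severity triage target. The log format, the severity targets and the acknowledgement records are all assumptions made for the example.

```python
"""Triage-backlog check over IDS/IPS alert lines (added example, constructed data)."""
from datetime import datetime, timedelta

# Constructed sample alerts in an assumed "timestamp|severity|signature|src|dst" form.
# This is not any real sensor's log format; it stands in for the feed an IDS/IPS emits.
SAMPLE_ALERTS = """\
2013-11-30T01:12:05|high|Malware.Binary uploaded to share|10.1.4.22|10.1.9.8
2013-11-30T01:12:09|high|Malware.Binary uploaded to share|10.1.4.22|10.1.9.9
2013-11-30T01:13:40|high|Malware.Binary uploaded to share|10.1.4.22|10.1.9.10
2013-11-30T02:05:11|low|Port scan|10.1.4.22|10.1.9.0/24
2013-12-02T13:44:00|medium|Outbound FTP to uncommon host|10.1.9.8|203.0.113.7
"""

# Constructed acknowledgement records: "timestamp|signature|src" for cases an analyst acted on.
# Only the low-severity port scan was ever touched; the high-severity case was ignored.
SAMPLE_ACKS = """\
2013-11-30T03:00:00|Port scan|10.1.4.22
"""

# Assumed per-severity time-to-triage targets (hypothetical SLA, not from the post).
TRIAGE_SLA = {
    "high": timedelta(hours=1),
    "medium": timedelta(hours=4),
    "low": timedelta(hours=24),
}


def parse_alerts(text):
    """Parse pipe-separated alert lines into dicts; blank lines are skipped."""
    alerts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, sev, sig, src, dst = line.split("|")
        alerts.append({"ts": datetime.fromisoformat(ts), "severity": sev,
                       "signature": sig, "src": src, "dst": dst})
    return alerts


def parse_acks(text):
    """Map (signature, src) -> time an analyst acknowledged that case."""
    acks = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, sig, src = line.split("|")
        acks[(sig, src)] = datetime.fromisoformat(ts)
    return acks


def aggregate(alerts):
    """Collapse repeated firings of one signature from one source into a single case."""
    cases = {}
    for a in alerts:
        key = (a["signature"], a["src"])
        c = cases.get(key)
        if c is None:
            cases[key] = {"signature": a["signature"], "src": a["src"],
                          "severity": a["severity"], "count": 1,
                          "first_seen": a["ts"], "last_seen": a["ts"],
                          "targets": {a["dst"]}}
        else:
            c["count"] += 1
            c["first_seen"] = min(c["first_seen"], a["ts"])
            c["last_seen"] = max(c["last_seen"], a["ts"])
            c["targets"].add(a["dst"])
    return cases


def overdue_cases(cases, acks, now):
    """Return cases nobody acted on within the SLA, measured from the first alert."""
    overdue = []
    for key, c in cases.items():
        deadline = c["first_seen"] + TRIAGE_SLA[c["severity"]]
        acked_at = acks.get(key)
        if acked_at is not None and acked_at <= deadline:
            continue  # handled in time: this is what should happen
        if now > deadline:
            overdue.append({**c, "age": now - c["first_seen"], "acked_at": acked_at})
    # Oldest unhandled case first, so the report surfaces the longest dwell time
    return sorted(overdue, key=lambda c: c["age"], reverse=True)


def report(now):
    """Build the triage-backlog report from the constructed data at time `now`."""
    cases = aggregate(parse_alerts(SAMPLE_ALERTS))
    acks = parse_acks(SAMPLE_ACKS)
    return overdue_cases(cases, acks, now)


if __name__ == "__main__":
    # Constructed "current time": a few days after the first alert fired.
    for c in report(datetime(2013, 12, 3)):
        print(f'{c["severity"]:6} {c["signature"]:35} from {c["src"]} '
              f'x{c["count"]} unhandled for {c["age"]}')
```

Run as-is, the report shows the high-severity case from 10.1.4.22 (three alerts, three internal targets) has sat unacknowledged for almost three days, alongside the later outbound-transfer alert from one of those targets; the port scan that was actually looked at does not appear. Aggregating before measuring matters: it keeps the alert count an analyst faces manageable, while the age of the oldest unhandled case is the number that tracks the "months to discover" figure the post opens with.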
Follow us on Twitter with hashtag #testforsecurity https://twitter.com/fixvirus
Contact Us to discuss this further.