How Quickly are you Detecting Network Intrusions?

Recent breaches making headlines share a troubling characteristic: in each of the cases detailed below, the intruders were inside the company network for months, and in some cases for more than a year. No company is impervious to a breach, but one thing an organization can control is how quickly it detects and responds to a security incident. The longer a compromise goes unnoticed and unresolved, the more likely it is to grow into a large-scale breach with significant data loss.

CareFirst BlueCross BlueShield

On May 20, CareFirst BlueCross BlueShield said 1.1 million records had been compromised, including birthdays, Social Security numbers, email addresses, and insurance identification numbers. CareFirst acknowledged that the database was first accessed in June 2014, nearly one year earlier. The recent breach of Premera Blue Cross, another healthcare organization, lasted roughly eight months.

Penn State University

Pennsylvania State University announced on May 15 that a breach had compromised servers containing information on roughly 18,000 people. The investigation that followed found an intrusion on the university's network dating back to 2012. Universities find it very difficult to fully police all of their IP space, but an intrusion that may have persisted for three years without remediation is troubling, especially because Penn State and many other universities hold valuable intellectual property.

The Education sector has a distinctive problem: its networks often carry extensive botnet infections. A recent BitSight study found that universities had the worst botnet grade of the industries studied, with more than 33% of colleges and universities receiving an 'F' in this category. Relative to other types of malware, botnet infections can be very hard to eliminate, so early detection is critical.

Sally Beauty Supply

Sally Beauty Supply was breached twice within one year. While the latest breach lasted only a few weeks, some believe it can be tied back to the same intrusion that led to the breach the company suffered the previous year. Rather than attributing the second breach to bad luck, many security experts have theorized that the company never fully eliminated the malware from the first one. On May 14, the company said the investigation was still ongoing.

As a whole, the Retail industry ranks very poorly on incident response time. A recent study by the Ponemon Institute and Arbor Networks found that retailers take an average of 197 days just to detect a security incident; by comparison, Financial Services firms took 98 days.

How to Shorten Incident Response Time

While all industries still struggle to detect breaches, there is some good news. The 2015 M-Trends report states that the average time to detect an intrusion fell in 2014 compared with 2013 across all industries. Companies greatly reduce their risk of suffering a significant breach when they detect and remediate intrusions quickly. As more companies adopt continuous monitoring, incident response times should drop further. Companies that continuously monitor their own networks, as well as the networks of their third parties, are better equipped to mitigate cyber risk.