How Quickly are you Detecting Network Intrusions?

Noah Simon | May 26, 2015 | tag: Security Risk Management

Recent breaches making headlines all share a troubling characteristic. In each breach detailed below, the intrusions of company networks lasted months - or in other cases, even longer than a year. While no company is impervious to a breach, one thing organizations can control is how quickly they respond to security incidents. The longer compromises remain neglected and unresolved, the more likely that a large-scale breach will occur, resulting in significant data loss.

CareFirst BlueCross BlueShield

On May 20, CareFirst BlueCross BlueShield said 1.1 million records had been compromised. These included birthdays, social security numbers, email addresses, and insurance identification numbers. CareFirst acknowledged that a database was first accessed in June 2014, nearly one year ago. The recent breach of Premera Blue Cross, also a healthcare provider, lasted roughly 8 months.

Penn State University

Pennsylvania State University announced on May 15 that a breach compromised servers containing information on roughly 18,000 people. During the investigation that followed, an intrusion on their network was found dating back to 2012. While it is very difficult for universities to fully regulate all of their IP space, the fact that an intrusion may have lasted three years without remediation is troubling, especially given that they and many other universities have valuable intellectual property. Download the latest BitSight Insight Report

The Education sector has a unique problem in that they often have extensive botnet infections. A recent BitSight study showed that Universities had the worst botnet grade out of several industries studied. In the study, more than 33% of colleges and universities received an ‘F’ in this category. Relative to other types malware, botnet infections can be very challenging to eliminate. Thus, early detection of botnet infections is critical.  

Sally Beauty Supply

Sally Beauty Supply was breached twice within one year. While the latest breach only lasted a few weeks, some believe it could be tied back to the same intrusion that lead to a breach the company suffered last year. Rather than just suffering from bad luck, many security experts have theorized that the company did not fully eliminate malware from its previous breach. On May 14, the company said the investigation is still ongoing.

As a whole, the Retail industry ranks very poorly when it comes to incident response time. A recent study by the Ponemon Institute and Arbor Networks found that retailers take an average of 197 days just to detect security incidents. In comparison, the Financial Services industry took 98 days to detect incidents.

How to Shorten Incident Response Time

While all industries still struggle to detect breaches, there is some good news. The 2015 M-Trends report states that the average time to detect intrusions decreased in 2014 from 2013 across all industries. Companies will greatly reduce the risk of suffering significant breaches if they detect and remediate intrusions as quickly as possible. As more companies adopt continuous monitoring solutions, incident response time should drop significantly. When companies are able to continuously monitor their own networks, as well as the networks of their third parties, they are better equipped to mitigate cyber risk.

Suggested Posts

The BitSight and Moody's Partnership: A New Era For Cybersecurity

Cybersecurity is one of the biggest threats to global commerce in the 21st century.

By providing data-driven insights into cybersecurity, we can empower the marketplace to make better, risk-informed decisions and create a more secure...

READ MORE »

4 Critical Success Factors for Effective Security Risk Management

With the average cost of a data breach in the U.S. reaching nearly $8.6 million, your organization can’t afford to ignore cybersecurity risk. Indeed, the need for security risk management is greater than ever. When cyber risk is managed...

READ MORE »

IoT Cybersecurity: How Your Organization Can Tame the Wild West

From sensors on the factory floor to those that guide autonomous vehicles, the Internet of Things (IoT) is transforming how we live and work. Over the coming years, IoT will continue to change our world, with the number of connected...

READ MORE »

Get the Weekly Cybersecurity Newsletter.