How Quickly are you Detecting Network Intrusions?

Noah Simon | May 26, 2015

Recent breaches making headlines all share a troubling characteristic. In each breach detailed below, the intrusions of company networks lasted months - or in other cases, even longer than a year. While no company is impervious to a breach, one thing organizations can control is how quickly they respond to security incidents. The longer compromises remain neglected and unresolved, the more likely that a large-scale breach will occur, resulting in significant data loss.

CareFirst BlueCross BlueShield

On May 20, CareFirst BlueCross BlueShield said 1.1 million records had been compromised. These included birthdays, social security numbers, email addresses, and insurance identification numbers. CareFirst acknowledged that a database was first accessed in June 2014, nearly one year ago. The recent breach of Premera Blue Cross, also a healthcare provider, lasted roughly 8 months.

Penn State University

Pennsylvania State University announced on May 15 that a breach compromised servers containing information on roughly 18,000 people. During the investigation that followed, an intrusion on their network was found dating back to 2012. While it is very difficult for universities to fully regulate all of their IP space, the fact that an intrusion may have lasted three years without remediation is troubling, especially given that they and many other universities have valuable intellectual property.

The Education sector has a unique problem in that it often has extensive botnet infections. A recent BitSight study showed that universities had the worst botnet grade out of several industries studied. In the study, more than 33% of colleges and universities received an ‘F’ in this category. Relative to other types of malware, botnet infections can be very challenging to eliminate. Thus, early detection of botnet infections is critical.

Sally Beauty Supply

Sally Beauty Supply was breached twice within one year. While the latest breach only lasted a few weeks, some believe it could be tied back to the same intrusion that led to a breach the company suffered last year. Rather than just suffering from bad luck, many security experts have theorized that the company did not fully eliminate malware from its previous breach. On May 14, the company said the investigation is still ongoing.

As a whole, the Retail industry ranks very poorly when it comes to incident response time. A recent study by the Ponemon Institute and Arbor Networks found that retailers take an average of 197 days just to detect security incidents. In comparison, the Financial Services industry took 98 days to detect incidents.

How to Shorten Incident Response Time

While all industries still struggle to detect breaches, there is some good news. The 2015 M-Trends report states that the average time to detect intrusions decreased in 2014 from 2013 across all industries. Companies will greatly reduce the risk of suffering significant breaches if they detect and remediate intrusions as quickly as possible. As more companies adopt continuous monitoring solutions, incident response time should drop significantly. When companies are able to continuously monitor their own networks, as well as the networks of their third parties, they are better equipped to mitigate cyber risk.
