A recent Bitdefender survey of 1,050 chief information security officers found that, while half the respondents admitted their company was breached in the last year, one in six of those still couldn’t identify how the attack happened.
An even higher percentage (25%) think their company is currently likely or very likely to be facing an ongoing security breach without knowing it. According to more than half of IT execs, the main consequence of being unaware of a breach while it is happening is business interruption. Depending on the industry, these interruptions can have a significant impact on reputation, mainly if they lead to widespread media coverage or publicly expose customer data, or trigger direct financial losses, both mentioned by 44% of European and American CISOs. Intellectual property loss, legal fines and penalties, or even job loss for those responsible for preventing the attack could also be side effects of late detection and of failing to minimize the dwell time of infections.
As a result, 82% of companies have security tools, processes, and staff to detect and respond to advanced attacks. Two-thirds run this capability under an in-house or do-it-yourself operating model, while a quarter have opted for outsourced models.
Using their current security tools, UK respondents think 63% of advanced attacks can be efficiently prevented, detected and isolated. This compares to 61% in the US, 60% in Italy, 58% in France and Sweden, 52% in Germany, and 44% in Denmark.
US CISOs said it took, or would take, four weeks to detect an advanced cyber-attack. This is the highest average of any market. Respondents from the UK, Germany, France, Sweden and Denmark all said they need three weeks to detect an advanced cyber-attack.
Asked if they had experienced an advanced attack or malware outbreak, more than half of respondents in the UK (57%), USA (55%), France (58%) and Italy (53%) said that they had. During 2017, the WannaCry and GoldenEye ransomware outbreaks showed CISOs that known yet unpatched vulnerabilities can have dire consequences for businesses and infrastructures if weaponized with wormable behavior.
Suspicious network behavior has been decisive in uncovering a malware outbreak or an advanced attack, mentioned as a key clue by 75% of Italians, 73% of Danes, 69% of Brits, 67% of Swedes, 65% of Americans, 54% of French, and 51% of Germans. The second most frequently given answer, across all markets except Sweden, was corruption of data or systems, while an external security audit was the third most frequently given answer by respondents in the UK (23%), USA (39%), France (30%), Italy (30%), Sweden (39%) and Denmark (48%). For German CISOs, the third most frequent answer was a significant business infrastructure disruption, at 35%.
Not only does increased visibility help organizations figure out when and how they were breached, it also enables them to take preventative measures against similar security events in the future. In the context of GDPR (General Data Protection Regulation), planning a security strategy for protecting company and client data based on increased visibility across the entire infrastructure helps achieve both compliance and a strong security posture.
With security breaches estimated to sometimes last for months without triggering any warnings, an inability to accurately observe and act against an ongoing intrusion could mean compromising all customer and mission-critical data, directly impacting business continuity and reputation. Detecting ongoing breaches as close to the initial point of compromise as possible reduces the potential fallout from a data leak and helps organizations protect their reputation by taking action before irreparable damage occurs. However, spotting an ongoing breach also means fighting the alert fatigue caused by noisy traditional security solutions. This means IT and security teams are usually racing against time when filtering security alerts, something that’s difficult to pull off, especially if they are understaffed and overburdened.