How long does it take to detect an enterprise data breach? Days, hours, or even weeks, recent survey findings say. Although most organizations feel that they are prepared for a breach, locating the invasion is another story.

Like symptoms in an illness, the earlier breaches are detected, the faster they can be fixed. Unfortunately, 75% of the organizations polled are ill-equipped when it comes to breach detection.

Interviews with 225 mid-to-large organizations were compiled and evaluated for Proofpoint, Inc.’s latest survey. CSO’s Maria Korolov reports the findings, as follows, in her recent article:

Only 4 percent of respondents said they could detect a potential breach within seconds, and 20 percent said it would take them several minutes. For 37 percent of respondents, detection would take hours. For 21 percent, it would take days. The remaining 17 percent said that detection could take weeks or longer, or they did not know how long it would take.

“That’s not even remediation, or stopping the exfiltration,” said Kevin Epstein, Proofpoint’s vice president, advanced security and governance. “That’s just realizing that the remediation is happening. And given how fast data can be moved these days, that’s the crown jewels leaving the company. There’s a hole in the bucket and data is flowing out of it.”

Companies were probably being overly optimistic in their estimates of how long it would take them to detect a breach, given the recent experience of high-profile victims.

“Part of the reason is that many companies still use manual methods to detect data breaches,” said Epstein. Then, once a threat has been detected, many companies are still relying heavily on manual mitigation.

“Organizations are still relying significantly on analysts sitting there looking through alerts,” said Epstein. “And, based on the headlines, that’s not working.”

“If you’re an analyst getting 30,000 alerts a day from your system, it’s hard to keep up with the crucial information,” he said. “Attackers are succeeding because there are too few firemen and a lot of fire alarms going off.”

For more statistics from the Proofpoint survey, see the full CSO article.


Breach Mitigation Response Time Too Long, Survey Says
