The research found that in 69 per cent of cases, the breach was discovered by third parties, not by the victims. How should enterprises adapt their security strategies based on this information?
• The biggest statistic in that finding is that only six per cent of data breaches were discovered by active monitoring systems such as event and log analysis, and the typical data breach takes seven months for the organisation to discover. This is seven months of log records, critical records and files leaving the organisation. In one recent case we saw a CEO's PST mail file going out of the organisation through our log analysis. In the vast majority of cases, forensic tools are not required to determine what has happened. Most cases are solved through reading log records. If organisations actually read their log records they would greatly reduce the chances of being a victim of a data breach and reduce the impacts should they actually be breached. We believe log analysis requires specialists, as the evidence suggests that most organisations cannot perform this function internally.
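The PST file leaving through the proxy is exactly the kind of event that sits in logs for months if nobody reads them. As an added illustration, not code from the interview or from Computerworld, here is a small Python scan over constructed proxy-style log lines that flags outbound uploads which are either large in one request or carry a mailbox-archive filename, and totals outbound bytes per user to catch the slow, chunked variant. The log format (timestamp, user, client IP, method, URL, status, bytes out), the size threshold, the extension list and every hostname are assumptions for the example.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed sample proxy log, one request per line (this format is an
# assumption: timestamp user client_ip method url status bytes_out).
SAMPLE_LOG = """\
2012-03-02T09:14:05Z jsmith 10.1.4.22 GET http://intranet.example.local/news 200 1820
2012-03-02T09:15:41Z ceo 10.1.2.10 POST https://files.example-share.net/upload/outlook.pst 200 734003200
2012-03-02T09:16:02Z asmith 10.1.4.30 GET http://www.example.com/index.html 200 5120
2012-03-02T09:17:19Z jsmith 10.1.4.22 PUT https://backup.example-cloud.net/archive.ost 201 8900000
2012-03-02T09:18:44Z bjones 10.1.4.41 PUT https://backup.example-cloud.net/db_dump.tar.gz 201 120000000
2012-03-02T09:19:03Z bjones 10.1.4.41 POST https://crm.example.com/api/notes 200 2048
this line is malformed and must be skipped, not crash the scan
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<user>\S+) (?P<ip>\S+) (?P<method>[A-Z]+) "
    r"(?P<url>\S+) (?P<status>\d{3}) (?P<bytes_out>\d+)$"
)

# Detection policy; the thresholds and extension list are assumptions to tune.
UPLOAD_METHODS = {"POST", "PUT"}
LARGE_UPLOAD_BYTES = 50 * 1024 * 1024          # 50 MiB in a single request
MAILBOX_EXTENSIONS = (".pst", ".ost", ".mbox")  # mail archive file types


@dataclass
class Finding:
    ts: str
    user: str
    url: str
    bytes_out: int
    reasons: tuple


def parse_line(line):
    """Return a dict for a well-formed line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["bytes_out"] = int(rec["bytes_out"])
    return rec


def classify(rec):
    """Return the reasons an upload record is suspicious (empty if none)."""
    if rec["method"] not in UPLOAD_METHODS:
        return ()
    reasons = []
    if rec["bytes_out"] >= LARGE_UPLOAD_BYTES:
        reasons.append("large_upload")
    path = urlsplit(rec["url"]).path.lower()
    if path.endswith(MAILBOX_EXTENSIONS):
        reasons.append("mailbox_archive")
    return tuple(reasons)


def scan(log_text):
    """Walk the log and return one Finding per suspicious upload, in order."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # malformed lines are skipped, not fatal
        reasons = classify(rec)
        if reasons:
            findings.append(Finding(rec["ts"], rec["user"], rec["url"],
                                    rec["bytes_out"], reasons))
    return findings


def upload_bytes_by_user(log_text):
    """Total outbound bytes per user, to spot slow, chunked exfiltration."""
    totals = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["method"] in UPLOAD_METHODS:
            totals[rec["user"]] = totals.get(rec["user"], 0) + rec["bytes_out"]
    return totals


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f.ts} {f.user} {f.bytes_out:>10} {','.join(f.reasons)} {f.url}")
    print(upload_bytes_by_user(SAMPLE_LOG))
```

On the sample above the scan flags the CEO's outlook.pst upload on both counts, the small .ost upload on filename alone, and the large tar.gz on size alone; the per-user totals would surface a user who sends the same archive in many sub-threshold pieces. In practice the thresholds belong in a baseline per user or department rather than as fixed constants.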
Is there anything else you think that enterprises should take into consideration given the messages from this latest survey? What are they doing so wrong that has led to this overall situation?
• Organisations need to focus on doing a good and consistent job of information security. Many organisations that we see do an excellent job of information security in some areas, but do not have even the simplest of controls in others. Our message to those organisations is to focus on the essentials first and then worry about excellence later. Other organisations do a spring clean before an audit. In other words, they clean up the information security sins of the last 12 months prior to the annual audit. Unfortunately, the bad guys don't work to the same schedule; they work 24 hours a day, 365 days a year, and need just one vulnerability to penetrate the organisation. If you think of information security like your hair, if you get a haircut every 12 months, there are going to be 10 months a year where you look scruffy and two months where you look good. Information security is like that: it is a 12-month-per-year effort and not an annual haircut to get a tick in the box from an auditor.