Over 60 percent of organizations hit by data breaches don’t notice it until at least three months after the attack, with a few not uncovering attacks for years, a new study said.
For 2012, the average time to discover a data breach across the 450 attacks examined was 210 days, 35 more than for 2011, said security firm Trustwave in its 2013 Global Security Report.
The report found 14 percent of attacks go undetected for up to two years, with 5 percent taking even longer than that.
Almost half, 45 percent, of breaches happened at retailers, with cardholder data the main target. The food and beverage sector accounted for another 24 percent, hospitality 9 percent, and financial services 7 percent.
Just how are attackers getting into organizations so easily and why do IT staff not notice until long after the event?
Password discipline on infrastructure such as remote access (used by third parties and partners, say) remains poor, with up to half of businesses still using easy-to-guess passwords.
Trustwave also found investigators can spot breaches that administrators can’t.
One reason for that is that too many organizations rely on automated protections such as antivirus or firewalls that do not fail gracefully. If attackers beat that security layer, there is no other system to notice that something unusual has happened. In other words, defense in depth is not a common practice.
“All developers, particularly in the e-commerce industry, should implement a full lifecycle security plan that includes thoroughly educating themselves and their employees, equipping themselves with the best tools to protect themselves against attacks and making sure they are using the most reliable resources for Zero Day detection,” said Trustwave Chief Executive Robert J. McCullen.
Companies should unify the logs used to monitor systems rather than rely on a fragmented patchwork dedicated to different parts, he said.
Seventy percent of all client-side attacks were connected to the Blackhole Exploit Kit, the report said. In addition, six in ten attacks targeted software flaws in Adobe’s PDF Reader.
In addition to analyzing 450 data breaches, the report crunched data from 2,500 penetration tests, nine million web application attacks, two million network scans and five million malicious websites.