Too Often Companies Learn About Data Breaches from Others
Evidence continues to mount that most enterprises need to dramatically improve their cybersecurity.
During the last few years, the majority of data breaches were first discovered by entities other than the affected organization—a clear indication that something is wrong. In 2015, research conducted by Intel1 found that in 80% of data breach cases, the crime was discovered by law enforcement, regulatory bodies, credit card companies, banks, or customers and not by the organization themselves. Unfortunately, not much has changed. Verizon reported that in 2016, 83% of companies who experienced a data breach learned about it from outside entities2.
“As the time for attackers to compromise a target decreases, so too does the time for companies to discover a security incident. Close to a quarter of events included in Verizon’s dataset were discovered in a matter of “days or less.” Unfortunately, that percentage is increasing at a slower rate than the proportion of compromises that took “days or less”, which means attackers are one step ahead of security personnel.” —David Bisson, Tripwire
It’s also interesting that according to the Intel and Verizon studies, data theft or other damage often occurs in a matter of minutes after an organization’s networks are compromised. Yet in most cases, a number of weeks to months go by before the incident is discovered. In some instances, it took nearly two years to detect the breach.
The statistics are clear. Many if not most organizations need a more efficient way to detect and mitigate cyber-attacks.
Fortunately, recent developments in machine learning are very effective at detecting malware-based attacks, including the most advanced and evasive types. Lastline Enterprise3, which uses machine learning techniques to identify the latest and most sophisticated malware, achieved the highest rating ever from NSS Labs, the world’s leading facility for testing anti-malware products.
Organizations that deploy the right cybersecurity tools can be the first to detect an attack, not the last.
Learn more about how Lastline Enterprise can protect your company from the most advanced malware-based attacks.
Latest posts by Brian Laing (see all)
- Malware-as-a-Service: The 9-to-5 of Organized Cybercrime - March 8, 2018
- Malware Detection—Discovering Cross-Site Scripting Attacks - November 9, 2017
- NSS Labs Shows Lastline’s Exceptional Value for Breach Detection - November 1, 2017