Keith Bromley
Sr. Manager, Product Marketing at Ixia

Are The Police Your Primary Intruder Alert System?

February 15, 2016 by Keith Bromley

When I look at the security survey data out there, I often wonder to myself, “Is it the official policy of business leaders to rely upon law enforcement as their primary notification of a security breach?” It sure seems that way. For instance, a 2014 report from Trustwave found that 71% of victimized companies did not detect a security breach themselves. Law enforcement, suppliers or customers had to notify the company that it had been breached. The 2015 report examined the same topics and found that the number was now 81%. So, 81% of victimized companies had to be notified of a breach by someone else. Hopefully that number doesn’t increase to 91% in the 2016 report. We’ll see though.

 


On one positive (can we call it that?) note, the two reports showed that the median number of days to detect the breach stayed about the same. In 2014, the average number of days was 87. In 2015 it was 86 days. The Ponemon Institute also conducted two surveys in 2015 and got a result that appears to be similar. The report stated that it takes financial firms an average of 98 days to detect a data breach. A second report specific to the retail industry showed that retailers can take up to 197 days to detect a breach. This is a little troublesome since retailers handle so much credit card data. However, it does explain a little more about why retail breaches can be so costly—the bad actor has had more than half a year to discover personal data for customers and employees, insert malware, and/or steal corporate secrets.

 

An example comes from Wendy’s Restaurants. According to an article published by the International Business Times in January of 2016, Wendy’s suffered a security breach that has allowed credit card information to be stolen. Wendy’s was notified of suspicious activity by several banks and is now investigating. There is no information on when the breach occurred, how long it persisted or even whether it is contained at this point. This data clearly shows that the findings from Trustwave and Ponemon are very believable.

 

Once the stolen data is collected, it is then sold or freely posted on the black market. Check out this article from ZDNet for how that works. It’s incredible to see how fast criminals jump on the data to try to exploit it (a few hours or days at most), and then how the data travels all over the world and to every continent, except maybe for Antarctica—I guess the penguins down there aren’t criminal types. Although, I did see one penguin deliberately steal a rock from another penguin in the movie March of the Penguins, but let's set that criminal act aside for another discussion.

 

So, what is your intruder alert system? At Ixia we have been working with customers to ensure they beat these odds. In this whitepaper, we describe the best practices that keep you out of the news.