Is 10 Hours Too Long To Spot A Data Breach?

15/12/2013 23:30

If you’re in a fight, you need to know that while it’s happening, not after the fact.” These compelling words jump off the page in Needle in a Datastack, a new and chilling report from McAfee data security. Failure to detect the battle can leave you badly bruised if not seriously maimed but the study’s authors state that on average, the guys responsible for detection predicted it would take numerous hours to notice the intrusion—an optimistic expectation that bears little resemblance to past experiences.

 “The ability to detect data breaches within minutes is critical in preventing data loss, yet only 35 percent of firms stated that they have the ability to do this. In fact, more than a fifth (22 percent) said they would need a day to identify a breach, and five percent said this process would take up to a week. On average, organizations reported that it takes 10 hours for a security breach to be recognized,” the study’s authors wrote.

While 10 hours may seem rapid, it’s both unrealistic and inadequate based on past experience. Recent reports from Trustwave and Verizon yield averages that tell a different story. Trustwave’s annual survey of recent breaches released in March showed that two thirds of all breaches took 90 days to detect and some ran for 200 days before discovery. Verizon’s report covering the past year showed that 63% of its breach case studies took weeks or months to uncover but in almost half (46%) of the cases, the data was gone in mere minutes. In minutes.

McAfee warns that a large percentage of data managers are clearly overly confident in their ability to detect the brawl when it starts. While roughly 3/4 of the firms surveyed claimed they could determine their security status immediately, of the 58% who reported a breach, only 24% had been able to spot it in minutes. Locating the source of the breach took even longer for most companies.

 “This study has shown what we’ve long suspected -- that far too few organizations have real-time access to the simple question ‘Am I being breached?’ Only by knowing this, can you stop it from happening,” said Mike Fey, executive vice president and worldwide Chief Technology Officer.

The article can be found at: