Security breaches in companies can play out over a surprisingly long time: the hackers can be present in your system for many months undetected. In the U.S., Kmart reported that a data breach of credit card and debit card numbers had occurred over a month-long period. Staples also acknowledged that a credit card breach took place in 119 stores, resulting in the theft of data from as many as 1.16 million customers over a six-month period. Retailer Neiman Marcus did not detect hackers accessing information for eight months, during which time 60,000 warning alerts had been set off and ignored by staff. The attackers were able to access information from the business's cash registers, and 9,000 credit cards were used fraudulently before the hack was stopped. Reports suggest that these are not isolated cases. A Ponemon Report sponsored by Cyphort showed in March 2016 that most companies took on average 170 to detect an attack.
For businesses this is a stark fact. A survey by consultancy firm CEB entitled IT Budget Benchmark 2016 showed that, of the 90 per cent of chief information security officers (CISOs) at FTSE 100 and FTSE 500 companies who expected a cyber attack in 2016, almost three-quarters said they didn’t think they had adequate security in place to deal with the danger. This may be because businesses can’t focus entirely on potential risks at the expense of developing their business. A modern approach to risk management is therefore needed.
Tools are essential to help businesses understand what is going on. “You need good instrumentation. You definitely need an event correlation engine, but it has to be looking for the right events,” said Lee Neely, a mentor at the SANS Institute who also works as a security professional at Lawrence Livermore National Laboratory. Such tools must spot different types of attacks, distinguish between them where necessary, and draw correlations between small events that are insignificant in isolation but may signal something more serious when viewed in context.
Advanced security teams can take things a stage further, using the instrumentation layer as a source of data that can then be fed into statistical analysis tools to model normal behaviour on a network, he explained. This in turn helps security teams to detect anomalous behaviour more easily.
This can also lead to an avalanche of alerts and network noise, adding complexity rather than clarity to business security and failing to deliver reliable, actionable data in a timely manner. The savvy organization will set priorities in its cyber security operation that span both its tools and its skills, but it still needs a sharp eye to interpret what those tools produce, said Neely.
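An added example, not from the article or from anyone quoted in it, of the two ideas above: correlating small events that are noise in isolation (a handful of failed logins) into one alert, and scoring that alert against each host's own baseline so an analyst sees a single prioritised item rather than an avalanche. All hosts, counts, windows and thresholds below are constructed for illustration.

```python
"""Correlate small auth events into one prioritised alert per host, scored against a baseline."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed baseline: failed logins per hour seen on prior days, per source host.
HISTORY = {
    "10.0.0.5": [2, 3, 1, 2, 4, 2, 3],   # chatty host, failures are normal here
    "10.0.0.9": [0, 1, 0, 0, 1, 0, 0],   # quiet host, failures are rare
}
# Constructed events: (minute_of_day, source_host, outcome). Not real log data.
EVENTS = [
    (600, "10.0.0.5", "fail"), (601, "10.0.0.5", "fail"), (602, "10.0.0.5", "fail"),
    (603, "10.0.0.5", "success"),                       # busy but ordinary
    (610, "10.0.0.9", "fail"), (610, "10.0.0.9", "fail"), (611, "10.0.0.9", "fail"),
    (611, "10.0.0.9", "fail"), (611, "10.0.0.9", "fail"), (611, "10.0.0.9", "fail"),
    (612, "10.0.0.9", "fail"), (613, "10.0.0.9", "success"),  # burst, then success
]
WINDOW = 5      # minutes over which a burst of failures is correlated
MIN_FAILS = 3   # fewer failures than this would be ignored as noise

def zscore(value, history):
    """Standard deviations from this host's own mean; flat history falls back to 1."""
    sd = pstdev(history) or 1.0
    return (value - mean(history)) / sd

def correlate(events, history, window=WINDOW, min_fails=MIN_FAILS):
    """Emit one alert per host where a burst of failures precedes a success.
    Severity reflects how far the burst sits from that host's baseline, so the
    same raw count is 'low' for a chatty host and 'high' for a quiet one."""
    fails = defaultdict(list)   # host -> timestamps of failures not yet resolved
    alerts = []
    for ts, host, outcome in sorted(events):
        if outcome == "fail":
            fails[host].append(ts)
            continue
        recent = [t for t in fails[host] if ts - t <= window]
        fails[host] = []        # a success closes this host's window
        if len(recent) < min_fails:
            continue
        z = zscore(len(recent), history.get(host, [0]))
        alerts.append({"host": host, "failures": len(recent),
                       "z": round(z, 2), "severity": "high" if z >= 3 else "low"})
    return alerts

if __name__ == "__main__":
    for alert in correlate(EVENTS, HISTORY):
        print(alert)
```

With a single global threshold both hosts would look identical (three or more failures, then a success); the per-host baseline is what separates the one worth an analyst's time from the one that is routine.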
A good analyst or two on your team will be worth their weight in gold