At the recent RSA conference Verizon shared a brief preview of their upcoming 2014 Data Breach Investigations report;
Basically, the long and short if it is that attackers are getting better and quicker this 75% (or more) of attacks succeeding within days or less, and only 25% (or less) of the time do organisations discover the attack within a similar timeframe.
So attackers are getting into our networks very quickly and successfully, and we are still in general very bad at discovering the compromises until it is far too late.
This looks like a continuation of some of last years key messages, you will be breached, networks are so complex and pours, and applications still so very vulnerable. Detection is key, having the ability to quickly spot, and act on, indicators of compromise (IOC). Security must improve its detective and response capabilities;
Cyber Criminals keep getting better at what they do, the security is failing to keep pace.
What are your thoughts, how can we improve the situation?
One thing I often wonder about is the role of security in not only keeping up with the threat landscape and how to prevent (well reduce the likelihood of) breaches, and to ensure they are discovered, but to also communicate this to the wider IT and business teams.
How do we get the wider business and IT community to ‘get that security cannot be an afterthought’?
Across multiple different roles, much of my life seems to have been filled up with debates about what the minimum security requirements are, and what has to be down to scrape through regulatory audits. The discussion should focus on what needs to be done to protect the data in our care. Have you successfully moved this discussion on and changed a businesses culture to be focussed on how to deliver securely?
Some upcoming posts will cover both thoughts on how to deal with the evolving advanced threat landscape and advanced attacks, and also ways we can get security to have the right priority and focus – we don’t have to just deliver, we can deliver securely!