Out-Law News 2 min. read

Businesses can put 'big data' to use to improve data breach monitoring, says McAfee


Businesses that collect and retain security information and are able to analyse the data in 'real-time' can detect data breaches faster and minimise the impact of those breaches, a security software company has said.

McAfee said that a recent study had shown that data can be extracted from businesses within hours or even minutes of an attack being initiated, but that a survey it had conducted of 500 senior IT decision makers based in the US, UK, Germany and Australia showed that most businesses were unable to detect a security breach was happening within minutes (9-page / 9.86MB PDF).

McAfee said that approximately three quarters of those surveyed claimed that they could assess the security status of their company in real-time and that they were confident they could identify insider, perimeter and zero day malware threats in real-time. However, the company said that fewer than a quarter (25%) of businesses that had experienced a data breach in the last year had been able to identify the breach within minutes, whilst only 14% could find the source of the breach in that timescale.

The average time taken for businesses that experienced a data breach last year to identify that the breach had occurred was 19 hours, McAfee said. It said, though, that most attacks take just seconds or minutes to compromise data and that in nearly half of the data breach cases found by Verizon in a separate study, it took just seconds or minutes to extract that data from businesses' networks. McAfee said companies can utilise 'big data' to help spot when security breaches are happening.

"Many businesses have applied a 'tick-box' approach to security, believing that if they have a basic security environment that will be sufficient to protect them," McAfee said in a new report. "But the threat landscape is evolving rapidly. Organisations must ensure that they have a coordinated and integrated defence across networks, devices, applications, databases and servers to address the broad, escalating and increasingly sophisticated threat landscape, both internally and externally."

"To have the visibility required, security information from all points of vulnerability must be gathered and analysed in real-time to identify correlations and patterns that indicate attempts to breach defences. Having this intelligence after the event will be too late to prevent the damaging commercial consequence that could result," it said.

McAfee said that businesses are storing approximately 11-15 terabytes of data each week, but most (58%) only store the information for three months. It said that organisations should consider storing data longer than this in order to identify "dormant" threats.

"The appearance of new Advanced Persistent Threats (APTs) accelerated in the second half of 2012," McAfee said. "These threats infiltrate an organisation's defences, undetected for months at a time, sitting dormant. Then when the organisation least expects it they strike, sending confidential information out or bringing additional malware and viruses into the organisation before returning, until the next time, to a dormant state."

"Organisations must retain their security data for longer and apply analytics to reveal patterns, trends and correlations to spot and deal quickly with these advanced persistent threats. By using analytics, businesses can spot and block trends in real-time, but long term analysis of the vast amounts of security information will also ensure that even dormant threats are found quickly," it said.

"There is no 'one-size-fits-all' best practice but organisations should be aware that advanced threats can occur over months or years, going under the radar of many blocking technologies – not retaining the data eliminates the ability to find them," the company added.
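As an added illustration of the retention argument in the preceding paragraphs (example code written for this page, not from the McAfee report or the article): a constructed set of outbound-connection records contains a low-and-slow beacon that recurs every 45 days, and a simple periodicity check finds it when the full history is retained but not under a three-month window. All host names, addresses and timestamps are invented.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: (timestamp, source host, destination) connection records.
# Host ws-17 contacts one external address every 45 days and is otherwise quiet;
# everything else is ordinary traffic. Values are invented for illustration.
BASE = datetime(2012, 1, 1)
EVENTS = [(BASE + timedelta(days=d, hours=h), host, dst) for d, h, host, dst in [
    (3, 9, "ws-04", "cdn.example"), (3, 10, "ws-17", "cdn.example"),
    (45, 2, "ws-17", "198.51.100.7"),   # dormant beacon, 1st contact
    (60, 11, "ws-09", "cdn.example"),
    (90, 2, "ws-17", "198.51.100.7"),   # 2nd contact
    (135, 2, "ws-17", "198.51.100.7"),  # 3rd contact
    (150, 14, "ws-04", "mail.example"),
    (180, 2, "ws-17", "198.51.100.7"),  # 4th contact
    (181, 9, "ws-22", "cdn.example"),
]]
NOW = BASE + timedelta(days=182)  # the moment the analysis runs


def retained(events, retention_days, now=NOW):
    """Simulate a retention policy: only records inside the window survive."""
    cutoff = now - timedelta(days=retention_days)
    return [e for e in events if e[0] >= cutoff]


def find_periodic_pairs(events, min_hits=3, tolerance=timedelta(days=3)):
    """Flag (host, destination) pairs seen at least min_hits times at a
    near-constant interval, where no other host talks to that destination."""
    by_pair = defaultdict(list)
    hosts_per_dst = defaultdict(set)
    for ts, host, dst in events:
        by_pair[(host, dst)].append(ts)
        hosts_per_dst[dst].add(host)
    hits = []
    for (host, dst), times in by_pair.items():
        if len(times) < min_hits or len(hosts_per_dst[dst]) > 1:
            continue  # too few samples, or a destination in common use
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        if max(gaps) - min(gaps) <= tolerance:
            hits.append((host, dst, len(times)))
    return hits


def detect_with_retention(retention_days):
    """Run the periodicity check over whatever the retention window kept."""
    return find_periodic_pairs(retained(EVENTS, retention_days))
```

With a 90-day window only two of the four contacts are still on hand, so the pattern cannot be established; with a year of data the same check flags the pair.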
