Firms Take Over 100 Days to Contain Breaches

Most organizations appear to be getting no better at detecting and containing data breaches, with the average company still taking over 100 days to completely wipe all traces of its attackers from systems, according to Trustwave.

The firm’s Global Security Report 2015 revealed the findings from 574 data “compromises” it investigated across 15 countries worldwide.

It found that 81% of victim organizations didn’t detect the breach themselves. The median length of time taken to detect a breach was 86 days and the total from intrusion to containment was 111 days.

This is bad news for organizations, especially as the longer a targeted attacker sits undetected inside a system the larger, and more costly, the data breach usually is.

These figures differed little from the report’s findings a year ago, when it took firms on average 87 days to detect a breach and 114 days to contain it.

However, the stats were more telling when Trustwave split them between self-detected breaches and externally detected ones, backing up the vendor’s assertion: “When you’re capable of detecting a breach on your own, or partnering with a managed security services provider that can on your behalf, you can detect a breach sooner and contain it quicker.”

Thus, the median time between intrusion and detection in self-detected breaches dropped from 31.5 days in 2013 to just 10 days last year.

However, the duration actually grew for externally detected breaches; from 108 days in 2013 to 126 days last year.

The report added:

“This says something about the security prowess of an organization capable of detecting a breach on its own. If a business knows what to look for, it stands to reason that they’ll likely detect a compromise sooner. And if they have the skills to detect a breach, they typically have the acumen to contain it more quickly (or have experts on call to do so for them).”

The report has a host of additional insights, including the results of security tests that found ‘Password1’ is still the most common credential used by employees.

Trustwave also warned that 95% of the mobile apps it tested had vulnerabilities, with over a third (35%) containing critical issues.

What’s Hot on Infosecurity Magazine?