Lowering the Detection Deficit: What Industries Can Gain from Continuous Monitoring

As cyber threats emerge and evolve each day, they pose challenges for organizations of all sizes, in all industries. Even though most industries are investing heavily in cybersecurity, many companies are still playing catch-up, discovering breaches days, months, and even years after they occur. The 2015 Verizon DBIR shows that this “detection deficit” is still increasing: The time taken for attackers to compromise networks is significantly less than the time it takes for organizations to discover breaches.

The risk posed by third parties complicates the issue further. How can an organization allocate time and resources to trust their partners’ security when they are struggling to keep up with their own? Over the years, audits, questionnaires, and penetration tests have helped to assess third party risk. However, in today’s ever-changing cyber landscape, these tools alone do not offer an up-to-date, objective view. While continuous monitoring solutions can improve detection and remediation times for all organizations, the retail, healthcare, and utilities industries can especially benefit from greater adoption.


Some of the most notable data breaches have occurred in the retail sector. Recently, eBay asked its 145 million customers to change passwords after names, e-mail addresses, physical addresses, phone numbers and dates of birth were stolen. Retailers frequently work with new vendors and suppliers over time. Moreover, companies rely on point-of-sale (PoS) systems that are often susceptible to new types of malware. Given the combined challenge of dealing with a large number of vendors and keeping up with new vulnerabilities, retail often ranks low in detection times. A recent study by Arbor Networks and the Ponemon Institute found that retailers take an average of 197 days to detect advanced threats on their networks.

Retail companies with tight budgets may not be able to commit the same amount of resources towards security as the Finance sector. Yet, implementing a continuous monitoring solution will enable companies to better monitor their own networks and stay on top of threats in their vendor ecosystem in a more cost-effective manner. Furthermore, it will also help retailers reduce detection and remediation times.


Healthcare providers have recently dominated headlines with large data breaches. In January, Premera disclosed that it lost information for roughly 11 million of its customers. A month earlier, Anthem Inc. said information of close to 70 million current and former employees and customers was stolen. Both of these breaches exposed personally identifiable information (PII) including SSNs and birthdays, and possibly medical information as well.

In general, healthcare providers have an immense number of devices connected to their networks. Following widely known breaches in this sector, many criticized organizations for failing to encrypt files containing sensitive customer information. While stronger encryption would certainly help, these companies must also ensure their networks are secure in the first place. Weeks before the Premera breach, federal auditors told the organization that some of its network security practices were inadequate and vulnerable to attack. If Premera had been monitoring its networks with greater frequency, it might have learned of these vulnerabilities earlier, on its own. Subsequently, it might have had significantly more time to patch and prevent a breach.


Companies in the Utilities sector are challenged with protecting critical infrastructure. These companies also hold a large amount of customer data, making them big targets for hackers looking to destroy or exfiltrate data. In 2014, nearly 70% of companies in the utility sector said they had been breached. Many companies also have reported attempts to have their data completely deleted or destroyed.

Breaches of Utility companies are often not disclosed, so the full scope of vulnerable companies in this industry is not fully understood. However, a recent study found that 52% of companies in the Utilities industry had significant botnet infections. Greater monitoring will be necessary for companies in this sector to decrease the breadth of infection. Without it, our critical infrastructure and personal information remain vulnerable.

Narrowing the gap

For this “detection deficit” to narrow, companies need to monitor their own networks with greater frequency. As businesses have increasingly outsourced their operations over the years, they will also need to monitor third parties, and even fourth parties, to manage risk.

A recent survey found that 46% of companies that experienced a data breach took more than four months to detect a problem on their networks. Perhaps even more concerning is that 70% of these breaches were detected by a third party. Continuous monitoring solutions will enable organizations to detect intrusions as they occur. As a result, IT teams can spend more time and resources on fixing and remediating threats rather than detecting them in the first place.

Nobody wants to live through the embarrassment of being told over the phone that they’ve been breached, or worse, read about it in the news. But as more organizations adopt continuous monitoring solutions, this experience should become far less frequent.

This entry was posted by Jacob Olcott.

About Jacob Olcott

Jacob Olcott is vice president of business development at BitSight Technologies. He previously managed the cybersecurity consulting practice at Good Harbor Security Risk Management. Prior to that he served as legal advisor to the Senate Commerce Committee and as counsel to the House of Representatives Homeland Security Committee.
