Browse archive

Latest news

U.S. DOJ accuses journalist of espionage

Aurora attackers were looking for Google's surveillance database

A closer look at Mega cloud storage

CISOs need to engage with the board

Wi-Fi client security weaknesses still prevalent

"NATO vacancies" phishing email also leads to malware

Find TrueCrypt and BitLocker encrypted containers and images

Sourcefire goes beyond the sandbox

The CSO perspective on healthcare security and compliance

Jailed hacker designs device to thwart ATM card skimming

U.S. Congress has questions about Google Glass and privacy

Over 45% of IT pros snitch on their colleagues

Hacking charge stations for electric cars

Security breaches remain undiscovered and unresolved for months

Posted on 28 February 2013.

At RSA Conference 2013 in San Francisco, Solera Networks announced the results of the Ponemon Institute’s 2013 report, "The Post Breach Boom," which revealed that organizations are unprepared to detect data breaches and contain them.

The Ponemon Institute polled 3,529 IT and IT security professionals in U.S., Canada, UK, Australia, Brazil, Japan, Singapore and United Arab Emirates, to understand the steps they are taking in the aftermath of malicious and non-malicious data breaches.

All participants in the study represent organizations that had one or more data security breaches in the past 24 months.

Highlights of the research include the following findings:

Data breaches are on the rise and organizations are unprepared to detect them or resolve them — According to the majority of respondents, data breaches have increased in both severity (54 percent) and frequency (52 percent) in the past 24 months. While 63 percent say that knowing the root causes of breaches strengthens their organization’s security posture, only 40 percent say they have the tools, personnel and funding to pinpoint the root causes.
Breaches remain undiscovered and unresolved for months — On average, it is taking companies nearly three months (80 days) to discover a malicious breach and then more than four months (123 days) to resolve it.
Security defenses are not preventing a large portion of breaches — One third of malicious breaches are not being caught by any of the companies’ defenses - they are instead discovered when companies are notified by a third party, either law enforcement, a partner, customer or other party - or discovered by accident. Meanwhile, more than one third of non-malicious breaches (34 percent) are discovered accidentally.
Malicious breaches are targeting key information assets within organizations — Nearly half of malicious breaches (42 percent) targeted applications and more than one third (36 percent) targeted user accounts.
Impact and cost of breaches — On average, malicious breaches ($840,000) are significantly more costly than non-malicious data breaches ($470,000). For non-malicious breaches, lost reputation, brand value and image were reported as the most serious consequences by participants. For malicious breaches, organizations suffered lost time and productivity followed by loss of reputation.

"The results demonstrate a clear need for greater and faster visibility—as well as a need to know the root cause of the breaches themselves—in order to close this persistent window of exposure,” commented Larry Ponemon, chairman and founder, Ponemon Institute.