Free Republic

FireEye: Breach detection time is dropping, averages 205 days
tweaktown.com ^ | Posted: 3 hours, 11 mins ago | By: Michael Hatamoto

Posted on 02/26/2015 11:34:35 AM PST by Ernest_at_the_Beach

FireEye's Mandiant found that the average data breach was discovered in 205 days, dropping from 229 days (2013) and 243 days (2012). Enterprises were only able to self-detect 31 percent of breaches, with third parties and the government helping identify cybersecurity incidents.

 


 

Companies are becoming more vigilant in detecting cybercrime-related activity, such as credit card companies noticing fraudulent behavior.

 

"Over the last several years, organizations like the Federal Bureau of Investigation (FBI) have gotten increasingly involved in notifying US businesses that they have been identified as being compromised," said Ryan Kazanciyan, technical director at Mandiant, in a statement to eWEEK. "The result of the FBI's efforts has led to increasing numbers of victim notifications."

 

Companies must focus on keeping systems updated with the latest patches, while also improving employee training. Hackers are increasing their attack capabilities, so data breaches are expected to happen - and it's up to business leaders to improve their ability to address potential post-hack issues.


TOPICS: Computers/Internet; Conspiracy
KEYWORDS: cybersecurity; databreach; enterprise; fireye; malware; mandiant

1 posted on 02/26/2015 11:34:35 AM PST by Ernest_at_the_Beach

To: ShadowAce; SunkenCiv

That is scary!


2 posted on 02/26/2015 11:35:38 AM PST by Ernest_at_the_Beach

To: Ernest_at_the_Beach

bookmark


3 posted on 02/26/2015 11:38:05 AM PST by RinaseaofDs

To: Ernest_at_the_Beach

Mandiant is a constant PITA. I don’t knock them for what they do, but they our IT security teams into firestarter mode with our non-technical leadership people, putting us in the awkward position of having to fight fires AND deploy new technology.


4 posted on 02/26/2015 11:38:06 AM PST by rarestia (It's time to water the Tree of Liberty.)

To: rdb3; Calvinist_Dark_Lord; JosephW; Only1choice____Freedom; amigatec; Ernest_at_the_Beach; ...

5 posted on 02/26/2015 11:40:46 AM PST by ShadowAce (Linux -- The Ultimate Windows Service Pack)

To: rarestia
What about this:

Fireye Threat Map

6 posted on 02/26/2015 11:45:57 AM PST by Ernest_at_the_Beach

To: Ernest_at_the_Beach
Should be ....FireEye
7 posted on 02/26/2015 11:47:13 AM PST by Ernest_at_the_Beach

To: Interesting Times

FireEye ping.


8 posted on 02/26/2015 3:01:54 PM PST by zot

To: Ernest_at_the_Beach
Link:

https://www.fireeye.com/cyber-map/threat-map.html



9 posted on 02/26/2015 4:31:20 PM PST by Ernest_at_the_Beach

To: Ernest_at_the_Beach

Disregard the link,...same as the previous.


10 posted on 02/26/2015 4:51:14 PM PST by Ernest_at_the_Beach

To: Ernest_at_the_Beach

One thing to keep in mind with FireEye: they’re a security appliance reseller. They sell security gateways to corporations for thousands of dollars and provide reporting to IT Security departments to take to corporate leadership to say, “Look at how many attempted attacks we warded off!”

I always like to tell this story: when I was first setting up my home network, I didn’t know what I was doing. I had NAS devices sitting right on my Internet switch with all sorts of ports open to the Internet so I could have my own personal little “cloud.” Once I got some monitoring utilities set up in my network, I started generating reports for daily attempts to access my network on ports that I didn’t (think I had) open. The first report was so large that my mail server rejected it due to size (it was >10MB). I went through it and saw that IPs from China, Russia, the Philippines, Japan, North Korea, Iran, Egypt, Libya, South Africa... all attempted to access my network or otherwise scanned my network across a broad range of ports, presumably looking for a way in.

After talking to our network security analyst, I found out that these are so common as to be considered “noise” anymore. These are botnets, machines that were compromised and now do nothing but scan the Internet for ways into networks, and they simply catalog all of the ports available on any given IP or network. If an exploit comes out a few months down the road, the bad guys can run reports from their botnet databases to find hosts that could easily be compromised, and if that list is cross-referenced with a database of known high-value targets like banks or governments, they have precise targets to hit.

Needless to say I went home that night and shut down every possible port I could find short of taking myself offline and have been very deliberative about my ports since. I also filter IPs from known state actors such as Russia, China, etc. This ensures, at least on the surface, that any direct connections from those countries won’t make it past my firewall/router. That doesn’t mean they couldn’t use a compromised computer in the US or any other nation where access is permitted, but it cut down significantly on the reports I was generating.

Moral of the story: while yes, there are some “neat” tools out there for fighting hackers, the truth is that much of IT security is passively watching firewall and threat mitigation endpoints on your network and remaining diligent in keeping your network free from vulnerabilities. Having worked in numerous industries as an IT professional, I can tell you that most corporations are just biding their time until they are hacked. I work for a mid-sized business now and am terrified by what we find out almost daily. I can’t imagine how the big boys out there are handling their threats.


11 posted on 02/27/2015 4:23:03 AM PST by rarestia (It's time to water the Tree of Liberty.)
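
The distinction the post above arrives at, between background scanning that the firewall drops and ports that are actually reachable from the Internet, can be pulled out of the firewall log directly. This is an added example, not part of the original post; the log lines are constructed in the style of Linux netfilter LOG output, and the FW-DROP/FW-ACCEPT prefixes, the addresses (documentation ranges) and port 5000 are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the style of Linux netfilter LOG output. The FW-DROP /
# FW-ACCEPT prefixes are hypothetical; addresses come from documentation ranges.
SAMPLE_LOG = """\
Feb 26 03:12:01 gw kernel: FW-DROP IN=eth0 SRC=203.0.113.5 DST=198.51.100.10 PROTO=TCP SPT=44321 DPT=22
Feb 26 03:12:01 gw kernel: FW-DROP IN=eth0 SRC=203.0.113.5 DST=198.51.100.10 PROTO=TCP SPT=44322 DPT=23
Feb 26 03:12:02 gw kernel: FW-DROP IN=eth0 SRC=203.0.113.5 DST=198.51.100.10 PROTO=TCP SPT=44323 DPT=445
Feb 26 03:12:02 gw kernel: FW-DROP IN=eth0 SRC=203.0.113.5 DST=198.51.100.10 PROTO=TCP SPT=44324 DPT=3389
Feb 26 03:12:03 gw kernel: FW-ACCEPT IN=eth0 SRC=203.0.113.5 DST=198.51.100.10 PROTO=TCP SPT=44325 DPT=5000
Feb 26 04:40:17 gw dhcpd: lease renewed for 10.0.0.12
Feb 26 05:03:44 gw kernel: FW-DROP IN=eth0 SRC=192.0.2.77 DST=198.51.100.10 PROTO=TCP SPT=51010 DPT=23
Feb 26 05:03:45 gw kernel: FW-ACCEPT IN=eth0 SRC=192.0.2.77 DST=198.51.100.10 PROTO=TCP SPT=51011 DPT=5000
"""

LINE_RE = re.compile(
    r"FW-(?P<action>DROP|ACCEPT) .*?SRC=(?P<src>\S+) .*?"
    r"PROTO=(?P<proto>\S+) .*?DPT=(?P<dpt>\d+)"
)

def summarize(log_text, scan_threshold=3):
    """Split inbound attempts into multi-port scanners and exposed ports."""
    ports_by_src = defaultdict(set)   # source IP -> {(proto, port)} it tried
    exposed = defaultdict(set)        # (proto, port) let through -> {source IPs}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:                     # not a firewall record, skip it
            continue
        port = (m["proto"], int(m["dpt"]))
        ports_by_src[m["src"]].add(port)
        if m["action"] == "ACCEPT":
            exposed[port].add(m["src"])
    scanners = {src: sorted(ports) for src, ports in ports_by_src.items()
                if len(ports) >= scan_threshold}
    return {"scanners": scanners,
            "exposed": {port: sorted(srcs) for port, srcs in exposed.items()}}

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for src, ports in report["scanners"].items():
        print(f"scanner {src}: {len(ports)} distinct ports")
    for (proto, port), srcs in report["exposed"].items():
        print(f"OPEN {proto}/{port} reached by {', '.join(srcs)}")
```

The scanner list is the "noise"; the exposed list is the short one worth acting on, since it names ports that unsolicited sources actually reached.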

To: Ernest_at_the_Beach; AdmSmith; AnonymousConservative; Berosus; bigheadfred; Bockscar; cardinal4; ...

Thanks Ernest.
...the average data breach was discovered in 205 days, dropping from 229 days (2013) and 243 days (2012). Enterprises were only able to self-detect 31 percent of breaches, with third parties and the government helping identify cybersecurity incidents.
I see what you mean about scary.
12 posted on 02/27/2015 5:18:37 AM PST by SunkenCiv (What do we want? REGIME CHANGE! When do we want it? NOW!)
