US Companies Struggle To Notice When They've Been Hacked

Cybersecurity Trends

197. That's how many days it takes an average company to detect a security breach. Hackers have over 6 months before their victim is even aware that they've been hacked.
Here's how to change that.

Why does this matter?

Research by IBM demonstrates that companies that can keep their detection time beneath 30 days save over $1 million per breach. As if that isn't incentive enough, non-financial repercussions will begin to compound as the mean-time-to-detection grows longer. Brand reputation, customer loyalty, and employee morale are often highly impacted by poorly handled hacks, and are often far more difficult to recover from than the technical breach itself. While these factors may not be immediately reflected in a company's quarterly earnings, they generate downward pressure on long-term revenue, translating to significant financial losses.

Furthermore, the longer that a breach remains undetected, the more likely it is that the hackers will be able to pivot, both vertically and horizontally, to infect related networks and applications. Think of the SolarWinds hack. What began as a more or less contained exploit was eventually able to spread to Microsoft and then throughout much of the US federal government, all in a matter of months. The question is not when SolarWinds will recover from this extremely compromising attack, but if they'll recover at all. In a crowded economy, customers will move on to more trusted brands, who will more than happy to accommodate them. Facebook still hasn't fully recovered from the Cambridge Analytica scandal, which continues to haunt their every move four years later (perhaps rightfully so).

What's holding us back?

Unsurprisingly, we've found that the main reason why organizations struggle to detect (and respond to) security breaches is that they simply aren't prepared. Rather than closing our eyes and hoping that reality conforms to our best case scenario, we help our clients imagine a series of worst case scenarios and then get to work on preventing them. Remember, no attacker ever said, "That's out of scope." Here are some steps that you can take today to prepare:

  • Partner with a Managed Security Service Provider

    There are a number of advantages that MSSPs provide over traditional in-house IT departments including: focus, cost effectiveness, superior protection, compliance, scalability, and SLAs.

  • Invest in Continuous Monitoring

    The past decade has seen the meteoric rise of various SaaS applications, and cyber security is no exception. Now, with products like Quantum Armor, you can monitor dozens of applications and thousands of endpoints with a single subscription.

  • Cultivate a Cybersecurity Culture

    Information security cannot be contained in a set of regulations or handed off to a security department. To be effective, it must lead to a complete transformation in organizational priorities and culture. This means introducing training workshops, awareness programs, and top-down messaging that shows employees that your organization takes cybersecurity seriously.

  • Empower Your CISO/Security Team

    The ability of CISOs to function as a core member of the board will be a defining security trend of 2021. In crucial ways it will be cultural adjustments such as these that will provide the sorely needed increases in expenditures and commitments necessary for an effective and efficient cybersecurity program.

Okay, I'm prepared. Now what?

Test, test, and test some more. If you assume the worst, you'll never be caught off guard. At Silent Breach, we advise our clients to perform regular Compromise Assessments to identify any potential compromises to their network. Unlike penetration testing, a Compromise Assessment doesn't just identify security flaws, but instead combs through your network in search of any traces of actual malicious activity. Much like your usual medical check-up, Compromise Assessments will automatically cut down your mean-time-to-detection, preempt further harm, and (perhaps most importantly) allow you to sleep at night.

Silent Breach's Compromise Assessments include:

  • A comprehensive analysis of your environment with a focus on identifying evidence of ongoing or past breaches.

  • Insight into your organization's systemic risks and exposures.

  • Best practice recommendations to improve your organization's ability to effectively respond to future incidents.

  • Options to deploy on-premise or cloud-hosted technology.

The assessment report includes:

  • A detailed analysis of your endpoint, network, email and log data.

  • An itemization of any compromised systems.

  • A full report of attacker activity.

  • A summary of findings.

  • A roadmap to recovery, with both immediate and long term recommendations.

Similar Reads:
Top Five Challenges Facing CISOs in 2021
How To Tell If The SolarWinds Hack Affects You
What is Penetration Testing?

About Silent Breach: Silent Breach is an award-winning provider of cyber security services. Our global team provides cutting-edge insights and expertise across the Data Center, Enterprise, SME, Retail, Government, Finance, Education, Automotive, Hospitality, Healthcare and IoT industries.