A new report, Tackling Attack Detection and Incident Response, from Enterprise Strategy Group (ESG), commissioned by the multi-national Intel Security, points to slow responses to cyber-attacks from UK enterprises, that are it’s claimed leaving companies vulnerable to targeted online crime.
The study of IT and security professionals at mid and large-sized enterprises across the globe found that a quarter of UK enterprises took more than two weeks to detect an advanced attack on their enterprise last year. Moreover, 39pc of UK IT experts admitted that a threat, once discovered took between two weeks and three months to remove and remediate.
UK IT people ranked these as the top three most time consuming incident detection and response tasks:
Ø (50pc) Determining the impact and/or scope of a security incident. This includes identifying what was altered on a system, what this alteration did and analysing whether other systems were affected.
Ø (45pc) Taking action to minimise the impact of an attack. This includes taking a system off-line and segmenting the network.
Ø (45pc) Determining which assets, if any, remain vulnerable to a similar type of attack.
Raj Samani, EMEA CTO Intel Security, who worked on the report, points out that corporations could be leaving themselves in grave danger by failing to detect and remediate against attacks immediately. According to Samani, enterprises have a ‘golden hour’ – or a window of opportunity – in which to detect and deflect an attack, if they are to minimise risk and damage to their organisation. Just as the medical profession must deliver heart-attack patients to the hospital within a ‘golden hour’ to maximise likelihood of survival, the security industry must work towards reducing the time it takes to respond and react to a cyber threat.
The report suggests that the slow detection and incident response issue is a matter of global concern. In France similarly a quarter of IT professionals claimed their company took at least two weeks to discover an advanced cyber-attack on their company in 2014, while in the US the figure rose to 35pc.
With the average number of investigations carried out within individual enterprises per-year standing at 78 internationally, this suggests that enterprises across the globe are leaving themselves at risk of acute company damage by failing to act fast. Of those attacks, 26pc were targeted – highlighting that cyber criminals are tailoring their attacks to specific victims or focusing in on particular types of information, including confidential employee or customer data.
Feedback from UK IT suggests lack of communication between the company’s security tools could be slowing down their organisation’s ability to detect and react to cyber threats – with 78pc listing this as a problem. Hackers typically use a single vulnerability within an enterprise network as an opportunity to spread their attack across the organisation. As such, companies that fail to sync up their security tools could be leaving hackers with time to spread damage across the company, before they’ve even had a chance to detect the threat.
Access to analytics tools also came up as a key issue for UK enterprises, suggesting manually analysing compromised data is slowing responses in the first critical minutes of an attack. 39pc claim that they are in need of better automated analytics from their security intelligence tools in order to gain real-time and comprehensive security visibility at their organisation.
Beyond lack of necessary tools, 80pc of UK IT people believe their organisation suffers from a shortage of IT security skills amongst staff. Despite this skills shortage, less than half (40pc) of UK companies surveyed said they are recruiting for new security talent – the lowest number globally. This compares to 78pc in the US, 73pc in France and 61pc in Germany.
Raj Samani, EMEA CTO Intel Security said: “It’s worrying to see that companies in the UK and globally are losing out on critical time in the initial onset of an attack – when immediate action is crucial. Hackers don’t hang around – as soon as they identify a vulnerability within a corporate network, they will be working to spread this as far as possible throughout the enterprise, wreaking havoc and compromising data along the way.
“Investing in training to ensure the company’s security team has the expertise to deal with a threat is crucial. Meanwhile, automating processes and ensuring security tools are synced across the network is a key way to ensure companies are able to act fast in their ‘golden hour’ of an online attack.”
