Over 40 per cent of businesses have no automation in place to detect breaches by monitoring for privilege escalations, suspicious data access, file access changes, or unusual email activity, according to Varonis research. Only 19 per cent had the basic capability to detect some of these events using automation, and of those only six per cent monitor all of these events in real time.
The survey, questioning 248 security professionals at Infosecurity events in London and Orlando, was aimed at better understanding how well companies are able to spot breaches in progress.
David Gibson, VP at Varonis, said: “The findings were particularly alarming in light of the fact that, since there’s no perfect system of safeguards, a breach by hackers, other unauthorised users and authorised users that abuse their access is inevitable. With security breaches being a certainty, it makes great practical sense to have a ‘Plan B’ in place, or strategy for mitigating liabilities from a data break-in.”
Topping risk mitigation lists are techniques for detecting and monitoring unusual system events. Detective controls that track and analyse user, file system and OS activity for patterns outside the norm must become a critical layer of defence, as important as preventive controls such as authentication, access control lists, and firewalls.
“Once corporate defences have been breached, hackers look for high-value content, such as personal information, intellectual property, credit card numbers, and other sensitive data”, says Gibson.
An IT department’s ability to track this data is key to breach mitigation efforts. Unfortunately, respondents fared poorly here, with only 29 per cent having the ability to detect when files containing sensitive data had been accessed or created. With the rise of cloud services, such as Dropbox, that are used informally by employees, companies have another place to search for sensitive content.
The survey results showed that organisations need to improve their cloud monitoring as well: only 22 per cent could track data uploaded to the cloud.
Gibson says that although it is widely accepted that auditing and analysis of OS, security, application and especially file system logs is critical to good breach mitigation practice, the survey results were, again, less than encouraging. “A mere 28 per cent of respondents report being able to detect suspicious access to data.”
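The detective control described above (tracking user, file system and OS activity for patterns outside the norm, spotting access to sensitive files, and reviewing audit logs for suspicious access) is easier to reason about with a concrete implementation. The following is an added example written for this page, not code from Varonis or from the survey. It replays a constructed audit log and flags the event classes the survey asks about: privilege escalations, reads of sensitive data outside a user's learned baseline, bursts of sensitive-file reads, and permission changes on sensitive files. The log format, the `user=`/`action=`/`path=` field names, the `/finance/` and `/hr/` classification rule, the privileged group names, the five-minute window and the burst threshold of three are all assumptions made for the example; a real audit source (Windows Security log, auditd, a file server's access audit) has its own schema.

```python
"""
Added example (not from the article or Varonis): a minimal detective control
that replays file-system / OS audit events and alerts on privilege escalation,
unusual access to sensitive data, bursts of sensitive reads, and ACL changes
on sensitive files. Every field name, path rule and threshold is an assumption.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: a week of normal activity, then a suspicious burst.
# Format (assumed): ISO-8601 UTC timestamp followed by key=value fields.
SAMPLE_LOG = """\
2014-06-02T09:00:00Z user=alice action=read path=/finance/q1_report.xlsx
2014-06-02T09:05:00Z user=alice action=read path=/finance/ledger.csv
2014-06-03T10:00:00Z user=alice action=write path=/finance/q2_forecast.xlsx
2014-06-02T11:00:00Z user=bob action=read path=/engineering/design.doc
2014-06-03T11:30:00Z user=bob action=read path=/engineering/specs.pdf
2014-06-10T02:10:00Z user=bob action=group_add group=domain_admins target=bob
2014-06-10T02:11:00Z user=bob action=read path=/hr/payroll_2014.xlsx
2014-06-10T02:11:10Z user=bob action=read path=/hr/salaries.csv
2014-06-10T02:11:20Z user=bob action=read path=/finance/ledger.csv
2014-06-10T02:11:30Z user=bob action=read path=/finance/q2_forecast.xlsx
2014-06-10T02:12:00Z user=bob action=acl_change path=/hr/payroll_2014.xlsx
"""

SENSITIVE_PREFIXES = ("/finance/", "/hr/")        # assumed classification rule
PRIVILEGED_GROUPS = {"domain_admins", "wheel"}     # assumed high-privilege groups
BURST_WINDOW = timedelta(minutes=5)                # assumed sliding window
BURST_THRESHOLD = 3                                # sensitive reads in window before alerting


def parse_line(line):
    """Turn one 'TIMESTAMP k=v k=v ...' line into a dict with a datetime 'ts'."""
    ts, _, rest = line.partition(" ")
    event = {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")}
    for field in rest.split():
        key, _, value = field.partition("=")
        event[key] = value
    return event


def top_dir(path):
    """'/finance/ledger.csv' -> '/finance/': the granularity of the baseline."""
    return "/" + path.split("/")[1] + "/"


def is_sensitive(path):
    return path.startswith(SENSITIVE_PREFIXES)


def build_baseline(events, before):
    """Per-user set of top-level directories touched before `before`: the user's normal footprint."""
    baseline = defaultdict(set)
    for e in events:
        if e["ts"] < before and "path" in e:
            baseline[e["user"]].add(top_dir(e["path"]))
    return baseline


def detect(events, baseline):
    """Return (kind, user, detail) alerts, processing events in time order."""
    alerts = []
    recent = defaultdict(list)          # user -> timestamps of recent sensitive reads
    for e in sorted(events, key=lambda x: x["ts"]):
        user, action = e["user"], e["action"]
        # 1. Privilege escalation: membership added to a privileged group.
        if action == "group_add" and e.get("group") in PRIVILEGED_GROUPS:
            alerts.append(("privilege_escalation", user, e["group"]))
        path = e.get("path")
        if path is None:
            continue
        # 2. Permission change on a sensitive file.
        if action == "acl_change" and is_sensitive(path):
            alerts.append(("acl_change_on_sensitive", user, path))
        if action == "read" and is_sensitive(path):
            # 3. Sensitive read in a directory this user never touched during the baseline.
            if top_dir(path) not in baseline.get(user, set()):
                alerts.append(("access_outside_baseline", user, path))
            # 4. Burst: too many sensitive reads inside the sliding window (alert once).
            window = recent[user] + [e["ts"]]
            recent[user] = [t for t in window if e["ts"] - t <= BURST_WINDOW]
            if len(recent[user]) == BURST_THRESHOLD:
                alerts.append(("sensitive_access_burst", user, len(recent[user])))
    return alerts


def run(log_text=SAMPLE_LOG, baseline_end=datetime(2014, 6, 9)):
    """Learn the baseline from events before `baseline_end`, then scan everything."""
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    return detect(events, build_baseline(events, baseline_end))


if __name__ == "__main__":
    for kind, user, detail in run():
        print(f"{kind:26s} {user:6s} {detail}")
```

On the constructed log, alice's reads stay silent because `/finance/` is in her baseline, while bob's 02:10 activity produces one privilege-escalation alert, four out-of-baseline reads, one burst alert and one ACL-change alert. The baseline is deliberately coarse (top-level directory per user); in practice it would be learned over a longer window and refined per share or per classification label, and the thresholds tuned against the false-positive rate observed on real traffic.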
There is no doubt that first-line defences are critical in preventing breaches. However, attackers have many attack vectors, and some of them, particularly advanced persistent threats, cannot always be prevented. Organisations need to be able to detect what they don't prevent.
“In other words, businesses must assume that as long as they store sensitive data, someone will try to get to it, and a hacker or an insider will gain access at some point. Therefore, Plan-B detection methods are vital in stopping breaches as soon as they start, thereby limiting the damage,” Gibson concludes.