The annual Verizon Data Breach Investigations Report released last week was filled with informative charts and graphs of data gathered from thousands of incidents and breaches around the world, including one that showed infosec teams are still too slow to detect breaches.
The percentage of breaches discovered within days of compromise is going down, despite all the new staff, hardware and software CISOs are investing in. Meanwhile attackers are getting better at exfiltrating data — roughly 67 per cent of the time data is out the door within days.
It doesn’t have to be that way, argues Umesh Yerram, IBM’s cybersecurity strategy, risk and compliance leader for North America. If infosec teams did three things, he says, they could radically cut detection time and better protect the enterprise:
–Inventory your assets: You can’t protect what you don’t know you have, so an asset repository is crucial, he writes. When a system is found to be under attack or infected, the right owner has to be identified quickly so the response can start;
–Monitor the assets: Whether you have a full security information and event management (SIEM) suite or another way of collecting and correlating event data, you have to watch what’s going on. “The security operations team should work with application, network and system administrators to fine-tune the monitoring policies to eliminate false positives and focus on flagging high-risk events,” he writes;
–Have an incident response plan.
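To show how the first two steps fit together in practice, here is a small added example (not code from the article, Verizon or IBM) that enriches SIEM alerts with owner and criticality from an asset inventory, applies tuning rules of the kind the security operations team would agree with administrators, and routes what remains to the responsible owner. All host names, owners, rule names and the sample alert lines are constructed for the example; the tuning rules are hypothetical and would be replaced by an organization's own policy.

```python
"""Tie an asset inventory to alert triage: enrich, tune, route."""
import json
from typing import Dict, Iterable, List

# Constructed asset repository (hypothetical hosts and owners, not real data).
ASSET_INVENTORY = {
    "db-prod-01": {"owner": "dba-team@example.com", "criticality": "high", "role": "database"},
    "web-prod-03": {"owner": "web-team@example.com", "criticality": "high", "role": "web"},
    "dev-box-17": {"owner": "alice@example.com", "criticality": "low", "role": "workstation"},
}

# Fallback queue for alerts on hosts missing from the inventory (hypothetical address).
INVENTORY_GAP_QUEUE = "asset-management@example.com"

# Constructed SIEM alerts as JSON lines; rule names are invented for the example.
SAMPLE_ALERTS = """\
{"ts": "2019-05-14T10:02:11Z", "host": "db-prod-01", "rule": "outbound-large-transfer", "severity": "medium", "bytes_out": 5368709120}
{"ts": "2019-05-14T10:03:40Z", "host": "dev-box-17", "rule": "outbound-large-transfer", "severity": "medium", "bytes_out": 734003200}
{"ts": "2019-05-14T10:05:02Z", "host": "web-prod-03", "rule": "failed-logon-burst", "severity": "low", "count": 12}
{"ts": "2019-05-14T10:06:19Z", "host": "unknown-host-9", "rule": "new-admin-account", "severity": "high"}
{"ts": "2019-05-14T10:07:55Z", "host": "dev-box-17", "rule": "failed-logon-burst", "severity": "low", "count": 30}
"""


def enrich(alert: dict, inventory: dict) -> dict:
    """Attach owner, criticality and role from the inventory; flag unknown hosts."""
    asset = inventory.get(alert["host"])
    if asset is None:
        return {**alert, "owner": None, "criticality": "unknown", "role": "unknown", "in_inventory": False}
    return {**alert, **asset, "in_inventory": True}


def apply_tuning(alert: dict) -> dict:
    """Hypothetical tuning policy agreed with application, network and system admins.

    - A host that is not in the inventory is itself a finding: escalate it.
    - Small logon bursts on workstations are known noise: suppress them.
    - Large outbound transfers from critical assets look like exfiltration: escalate.
    Everything else becomes an ordinary ticket for the owner.
    """
    severity, action, reason = alert["severity"], "ticket", "default"
    if not alert["in_inventory"]:
        severity, action, reason = "high", "escalate", "host missing from asset inventory"
    elif alert["rule"] == "failed-logon-burst" and alert["role"] == "workstation" and alert.get("count", 0) < 50:
        action, reason = "suppress", "known-noisy: small logon burst on workstation"
    elif alert["rule"] == "outbound-large-transfer" and alert["criticality"] == "high":
        severity, action, reason = "high", "escalate", "possible exfiltration from critical asset"
    return {**alert, "severity": severity, "action": action, "reason": reason}


def triage(alert_lines: Iterable[str], inventory: dict) -> List[dict]:
    """Parse JSON alert lines, enrich them from the inventory and apply tuning."""
    results = []
    for line in alert_lines:
        line = line.strip()
        if not line:
            continue
        results.append(apply_tuning(enrich(json.loads(line), inventory)))
    return results


def route(results: List[dict]) -> Dict[str, List[dict]]:
    """Group non-suppressed alerts by the owner who must act on them."""
    routed: Dict[str, List[dict]] = {}
    for r in results:
        if r["action"] == "suppress":
            continue
        owner = r["owner"] or INVENTORY_GAP_QUEUE
        routed.setdefault(owner, []).append(r)
    return routed


if __name__ == "__main__":
    for owner, alerts in route(triage(SAMPLE_ALERTS.splitlines(), ASSET_INVENTORY)).items():
        for a in alerts:
            print(f"{owner}: [{a['severity']}/{a['action']}] {a['host']} {a['rule']} ({a['reason']})")
```

Run as-is, the script escalates the large transfer from the critical database host and the alert from the host nobody has inventoried, suppresses the small logon burst on a workstation, and files the rest as tickets for the owners recorded in the repository. The point is that the inventory does two jobs at once: it supplies the owner the response plan needs, and it supplies the criticality and role that let monitoring rules be tuned to high-risk events rather than to raw alert volume.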
“Having an asset inventory, detection capabilities and a response plan will help organizations to detect incidents rapidly and respond appropriately before they become damaging data breaches,” he writes.