The average organisation believes it would spot a data breach in ten hours, a McAfee global survey of IT professionals has found. But is that result good, indifferent or an indication of the downright complacent?
The firm’s interrogation of 500 decision makers from the US, UK, Germany and Australia earlier this year found that 22 percent thought they’d need a day to recognise a breach, with one in twenty offering a week as a likely timescale.
Just over a third said they would notice data breaches in a matter of minutes, which counts as real-time by today’s standards.
In terms of general security, three quarters confidently reckoned they could assess their security in real-time, with about the same number talking up their ability to spot insider threats, perimeter threats and even zero-day malware.
All of this was despite 58 percent admitting they had suffered a data breach in the last year with only a quarter spotting that fact within minutes.
When trying to locate the source of the breach – the most important aspect of any detection and remediation regime – a third said it took a day and 16 percent as long as a week.
“If you’re in a fight, you need to know that while it’s happening, not after the fact,” suggested McAfee’s CTO, Mike Fey.
“This study has shown what we’ve long suspected – that far too few organisations have real-time access to the simple question ‘am I being breached?’ Only by knowing this can you stop it from happening,” he said.
In McAfee’s view the general optimism buried in some of these numbers belies the probability that many organisations over-estimate both the speed at which they notice breaches and their ability to quickly trace their source.
Third parties have backed McAfee up on this, notably a survey from security vendor Trustwave, which found that many data breaches take months to spot, with the average being 210 days; 14 percent take longer than two years.
One of the problems is the way the battlefield keeps shifting, with the average large organisation now storing between 11 and 15 terabytes of data per week, McAfee calculated.
According to McAfee, the rise of advanced persistent threats meant that spotting attacks and resulting breaches required systems that could inter-connect “big security data,” risk-based analysis and modelling.