HP Survey: Incident Response Improving, But Needs More Work (CDSA)

By Chris Tribbey

Hackers are more patient than ever, spending more time inside company systems and stealing more data than ever before, according to a recent survey from HP and private U.S. security company SANS Institute.

The longer a hacker is able to go undetected, the more costly the breach, and the responses from more than 500 security experts to the SANS 2015 Incident Response Survey yielded some troublesome results: 37% said their average dwell time (the time from the attacker’s initial entry into a network to the time of detection) was less than 24 hours, while 36% said it took 24 hours or less to find and fix breaches. However, a full 50% said it took two or more days to detect a breach. Six percent didn’t realize they had been breached for months.

The results are up a bit from 2014, though there are still a few problematic areas companies continue to face. More than 60% said malware was the cause of their breach, down from 82% in 2014, and data breaches were down to 39%, compared to 64% a year ago. The bad news: companies are still lagging on having the right skills and tools to fight security breaches.

Nearly 30% of respondents said DDoS was used as a primary attack method, though 16% said it was used as a diversion attack.

Thirty-seven percent of respondents said they were unable to distinguish malicious events from nonevents, and 66% said a skills shortage was an impediment to effective IR. More than half (54%) said budget shortages for tools and technology were an issue, and 41% said they lack procedural reviews.

“Incentivized by the devastating data breaches suffered by U.S. companies recently, organizations are moving quickly to grow their incident response (IR) capabilities to facilitate rapid detection of attackers in their networks,” said SANS analyst and incident response expert Alissa Torres. “Despite these improvements, they face broader and more diverse attacks, including distributed denial of service, data destruction and targeted data theft.”

Eighty-four percent of survey respondents said their organization has experienced at least one incident over the past year, and nearly 20% said they’ve experienced more than 100 incidents in the past year, with 50% saying they saw at least one real data breach. More than 40% said employee information was the target of data thieves, 36% said individual customer information was the target, while 30% said their intellectual property was targeted.