44 Percent of Organizations Miss Data Breach Investigating and Reporting Deadlines

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  

A recent Balabit survey [PDF] of more than 100 IT and security professionals found that while 75 percent of organizations set fixed time limits for investigating potential data security incidents, 44 percent of respondents admitted having missed internal or external deadlines for investigating or reporting a breach in the past year.

Seven percent of respondents said a missed deadline had resulted in serious consequences.

"The Balabit survey identified that the primary reason for not being able to investigate data breaches in time is that organizations still do not understand their own data," Balabit product manager Peter Gyongyosi said in a statement. "It is difficult for them to extract the necessary information from unstructured data with their existing tools and they lack the contextual information that would help transform this data into valuable, actionable information."

The survey also found that 30 percent of organizations aren't required to report security incidents to external authorities -- and although 70 percent are required to do so, only one quarter set time limits for reporting.

Prevalent director of product management Jeff Hill told eSecurity Planet by email that the task of collecting data and analyzing behvaior is a mammoth one, particularly in large organizations. "Data and information are two different things entirely," he said. "The former is easy to collect; extracting the latter from it is much easier said than done."

"The results of the Balabit survey are likely to surprise few in the cyber security community," Hill added. "Investigating breaches is tedious, requires specific expertise, is increasingly difficult as attack vectors become more sophisticated, and is usually undertaken in a highly stressful and pressure-filled environment. Current techniques often require the painstaking parsing of millions of logs and identifying subtle changes in behavior."

Separately, a recent RedSeal survey of 200 U.S. CEOs found that more than 80 percent of respondents claimed to be very confident in their firms' cyber security strategies.

"CEOs are underestimating their companies' cyber vulnerabilities," RedSeal chairman and CEO Ray Rothrock said in a statement. "Their confidence does not square with what we observe. Cyber attacks are up and financial losses associated with these attacks are increasing dramatically."

Half of respondents said they're currently prioritizing keeping hackers out of their network -- just 24 percent said they're focused on building capabilities to deal with hackers who have successfully breached their perimeters.

And while 87 percent of CEOs said they need a better way to judge the effectiveness of their cyber security investments, 84 percent said they still plan on increasing their spending next year.

"We've reached an inflection point where cyber security strategies and investments have underperformed for an extended period of time," Rothrock said. "Analysts estimate that cyber losses are now growing more than twice as fast as the spend on security. To stem this tide, CEOs and boards need more effective metrics to understand the real-time health and function of their network, and to more clearly manage and measure their cyber strategies and investments."

Almost 90 percent of CEOs said they want to be provided with information on a daily basis on their cyber security posture, the external threat level, and their network's overall health and resilience -- but 51 percent cited receiving reports in a timely manner as a significant challenge.

A recent eSecurity Planet article offered advice on securing corporate data in a post-perimeter world.