Intel Security’s latest report uncovers why UK corporations struggle to detect and defend against targeted online attacks
- 25% of UK IT professionals took over two weeks to discover their enterprise was suffering an advanced cyber threat in 2014
- 39% admitted that a threat, once discovered took between two and twelve weeks to remove and remediate
- Across the globe, businesses on average dealt with 78 security incidents last year
- 26% involved targeted and bespoke attacks
A new report, Tackling Attack Detection and Incident Response, from Enterprise Strategy Group (ESG), commissioned by Intel Security, reveals slow responses to cyber-attacks from UK enterprises are leaving companies vulnerable to targeted online crime.
The study of IT and security professionals at mid and large-sized enterprises across the globe found that 25% of UK enterprises took more than two weeks to detect an advanced attack on their enterprise last year. Moreover, 39% of UK IT experts admitted that a threat, once discovered took between two weeks and three months to remove and remediate.
UK IT professionals ranked the following as the top three most time consuming incident detection and response tasks:
- (50%) Determining the impact and/or scope of a security incident. This includes identifying what was altered on a system, what this alteration did and analysing whether other systems were affected.
- (45%) Taking action to minimise the impact of an attack. This includes taking a system off-line and segmenting the network.
- (45%) Determining which assets, if any, remain vulnerable to a similar type of attack.
Raj Samani, EMEA CTO Intel Security, who worked on the report, points out that corporations could be leaving themselves in grave danger by failing to detect and remediate against attacks immediately. According to Samani enterprises have a ‘golden hour’ – or a window of opportunity – in which to detect and deflect an attack, if they are to minimise risk and damage to their organisation. Just as the medical profession must deliver heart-attack patients to the hospital within a ‘golden hour’ to maximise likelihood of survival, the security industry must work towards reducing the time it takes to respond and react to a cyber threat.
The report uncovers that the slow detection and incident response issue is a matter of global concern. In France similarly 25% of IT professionals claimed their company took at least two weeks to discover an advanced cyber-attack on their company in 2014, while in the US the figure rose to 35%.
With the average number of investigations carried out within individual enterprises per-year standing at 78 internationally, this suggests that enterprises across the globe are leaving themselves at risk of acute company damage by failing to act fast. Of those attacks, 26% were targeted – highlighting that cyber criminals are tailoring their attacks to specific victims or focusing in on particular types of information, including confidential employee or customer data.
Feedback from UK IT professionals suggests lack of communication between the company’s security tools could be slowing down their organisation’s ability to detect and react to cyber threats – with 78% listing this as a problem. Hackers typically use a single vulnerability within an enterprise network as an opportunity to spread their attack across the organisation. As such, companies that fail to sync up their security tools could be leaving hackers with time to spread damage across the company, before they’ve even had a chance to detect the threat.
Access to analytics tools also came up as a key issue for UK enterprises, suggesting manually analysing compromised data is slowing responses in the first critical minutes of an attack. 39% claim that they are in need of better automated analytics from their security intelligence tools in order to gain real-time and comprehensive security visibility at their organisation.
Beyond lack of necessary tools, 80% of UK IT professionals believe their organisation suffers from a shortage of IT security skills amongst staff. Despite this skills shortage, less than half (40%) of UK companies surveyed said they are currently recruiting for new security talent – the lowest number globally. This compares to 78% in the US, 73% in France and 61% in Germany.
Raj Samani, EMEA CTO Intel Security commented: “It’s worrying to see that companies in the UK and globally are losing out on critical time in the initial onset of an attack – when immediate action is crucial.
“Hackers don’t hang around – as soon as they identify a vulnerability within a corporate network, they will be working to spread this as far as possible throughout the enterprise, wreaking havoc and compromising data along the way.
“Investing in training to ensure the company’s security team has the expertise to deal with a threat is crucial. Meanwhile, automating processes and ensuring security tools are synced across the network is a key way to ensure companies are able to act fast in their ‘golden hour’ of an online attack.”
About Intel Security
McAfee is now part of Intel Security. With its Security Connected strategy, innovative approach to hardware-enhanced security, and unique McAfee Global Threat Intelligence, Intel Security is intensively focused on developing proactive, proven security solutions and services that protect systems, networks, and mobile devices for business and personal use around the world. Intel Security is combining the experience and expertise of McAfee with the innovation and proven performance of Intel to make security an essential ingredient in every architecture and on every computing platform. The mission of Intel Security is to give everyone the confidence to live and work safely and securely in the digital world.For more information visit here www.intelsecurity.com.
Intel, the Intel logo, McAfee and the McAfee logo are trademarks of Intel Corporation in the U.S. and/or other countries.
*Other names and brands may be claimed as the property of others.
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.