The Ponemon Institute recently completed a study, sponsored by Arbor Networks, which looks at Advanced Threats in Financial Services and Retail and how these sectors are responding to advanced threats and denial of service attacks (DDoS). According to the findings, financial services companies have a stronger security posture - able to detect and contain threats more quickly than in the retail sector - but that both sectors are struggling to keep up.
According to the study, financial service firms are investigating an average of 226 incidents a month (or eight incidents per day), and yet even with that it takes an average of 98 days to detect an advanced threat and nearly a month to contain it. Retail organizations face their own struggles, with at least eight cyber attacks per year, 74% of which are advanced threats (AT) and 50% are DDoS attacks. In retail, it takes up to 197 days to detect an advanced threat and over a month to contain it.
According to the study, organizations in both industries struggle to identify advanced threats, using forensic evidence, known signatures, or threat intelligence only some of the time, while a “gut feeling” was also cited as a method. Indeed, “people” are a key part of not only preventing threats / breaches but also detecting them. When it comes to preventing and detecting threats, 22% of security budgets are spent on “cyber kill chain activities” which aim to disrupt an attack before it happens. One of the key areas in this is being able to identify unauthorized access and use, which cannot be thought of as network vs endpoint in its scope.
At Absolute Software, we advocate for a layered approach to data security, one which includes consideration for technology, internal processes and user education as vital to protecting data. Earlier this year, we wrote a post on Data Security Risk Mitigation in Financial Services, which goes into detail about the risk mitigation process including how to quantify risks, lifecycle security, incident response and extending protection to intellectual property. Though written for the financial sector alone, many tips would also be relevant to retail. Contact us to learn more about how we can help bolster your data protection.