Why You Should Be Prioritizing Breach Detection

By: Arieanna Schweber | 1/26/2016

We know that 90% of organizations will suffer at least one security incident this year: no organization is immune. With the number of data breaches consistently on the rise, and the breadth and cost of those breaches rising as well, there is no question that data breach prevention is key for every organization. While it's important to prevent and mitigate the damage from breaches, it's just as vital to know that they have happened at all. 

When it comes to data breach preparedness, organizations need to focus on three areas: prevention, detection and response. In this post, we’ll address why faster detection is a key factor in reducing the cost of a data breach.

Research indicates it can take an average of 256 days to identify a data breach caused by a malicious attack and 158 days for an attack caused by human error. When an attack goes undetected for this long, the potential for damage (both to the organization and victims of breached data) are so much worse. Accurately detecting a security incident is the first step toward effectively responding to it. 

Although the research above is specific to detecting cyber attacks, the truth is that cyber attacks are not isolated brute force attacks—there are other points along the line where security incidents led to weaknesses that could have been detected earlier. 36% of cyber security incidents can be tied back to exploited mobile devices; 90% of breaches can be tied back to people maliciously or inadvertently putting data at risk, often exacerbated by the use of mobile devices and the cloud.

So, what does this data tell us? That there are security incidents that lead to further security incidents. That a data breach could be prevented, or at the very least detected, much earlier in the chain of events. Studies have shown that the speed at which an organization can identify and contain a data breach incidence can have drastic financial consequences.

Technology such as Absolute DDS can alert your IT team to irregularities in software, hardware or user behaviour much earlier in the chain of events. Encryption disabled? Receive an alert. Device in unusual location? Receive an alert. With customized alert options, and automated protections (such as device freeze), IT has more tools to detect security incidents before they progress. Using historical data, IT can see clearly if an alert is relevant, providing the context needed to take preemptive action (such as remotely deleting or recovering data) to prevent a data breach or at least to respond to it quickly. Learn more about how our team can assist you with your risk response and investigations here.

Financial Services