The first step in limiting the damage after a security incident is recognizing that a breach occurred. But according to recent Congressional testimony, most businesses don’t know they’ve been attacked until they hear about it from law enforcement.
That was the message given by Kevin Mandia, CEO of information security vendor Mandiant, to the House Intelligence Committee during a hearing earlier this month on preventing data breaches.
Of the last 50 breaches Mandiant investigated for clients, 48 of the businesses involved weren’t aware they had been attacked until they were informed of the incidents by law enforcement agencies.
How are so many businesses failing to detect security breaches? Mandia told legislators that much of the problem is that attackers have simply gotten better at conducting stealth hacks, InformationWeek reports.
And as the FBI and other federal agencies have been more closely following cybercrime organizations, it’s more likely they’ll know about the attackers’ activity before many of their victims do.
That creates obvious problems, as the longer it takes to discover a breach, the more damage attackers can cause.
IT tends to spend a lot of time and money on finding ways to prevent breaches. That’s a worthy endeavor, but breaches will never be completely preventable, so IT needs to make sure it’s adept at attack detection, too.
That may require investing in network monitoring tools and making sure there is staff time available for analyzing logs.