It took companies an average of 38 days to detect attackers responsible for data breaches between 2014 and 2016, according to a new report published Friday by the Aberdeen Group.
“This means that in half of the successful data breaches, detection by the defenders took five to six weeks or less,” the report said. “In the other half, detection took as long as four years.”
The findings come from Cybersecurity: For Defenders, It’s About Time, a report from the Aberdeen Group sponsored by McAfee that leveraged data from Verizon’s Data Breach Investigation Report to determine “dwell times,” or the total time attackers had in a defender’s network before being detected.
“Time has become a critical capability in being able to extract the business value enterprises want from their data and computing infrastructure, as well as to protect the business value that has already been created,” wrote report author Derek E. Brink, CISSP, vice president and research fellow at Information Security and IT GRC. “In multiple areas of cybersecurity, time is currently working in favor of the attackers—and time is the strategic advantage that the defenders need to regain.”
For instance, Aberdeen’s research found that the business impact of a data breach is greatest at the beginning of an exploit.
“Capabilities for faster detection and response reduce the business impact of a successful breach,” according to the report’s executive summary. “Indeed, by incorporating this assumption into Aberdeen’s…analysis, it turns out that responding twice as fast to data breaches can lower the business impact by about 30 percent.”
To help companies, the report focused on four examples, one per area, of how recapturing a time advantage—reducing time to detection and response—affects four areas of cybersecurity: data protection, incident response, cloud security, and endpoint security.
The report suggested that moving forward, companies should “prioritize investments in capabilities that are aligned with the current reality of threats and vulnerabilities.”
These include focusing on capabilities that reduce the likelihood and business impact of cyberattacks while decreasing time to detection and response, that maintain the productivity of users, and that increase the productivity of defenders.
For more on time to detection of cyber incidents, read “An Integrated Defense” from the November 2016 issue of Security Management.