Monday, July 8, 2013

(I) Cyber-Ark Threat survey says 51% of companies think they are currently compromised

Here is another report by a security tools company that has some interesting data. 'Cyber-Ark's Global Threat Landscape Survey - June 2013'.

51% of companies think they have or had an active compromise going on... Hmmm

Later in the report it states that a rather high number of companies can detect 'attacks' in minutes or hours. An important distinction here is that an attack is NOT a compromise. The question should have been "How long would it take you to detect a compromise?"

There is a significant difference between 'attack detection' and 'compromise detection'. Your goal should be minutes and hours to detect a compromise, as detecting attacks is almost worthless given the sheer quantity of noise we all receive from the Internet. The recent Verizon DBIR and Trustwave reports clearly show an average of 210 days to detect a compromise, and the notification of compromise usually comes from outside the company! In addition, less than 5% of companies could detect a compromise in hours or days. These reports are believable; I am not sure Cyber-Ark asked the right questions.

Companies that create these reports need to ask the right questions to help those that participate get real, actionable information. Not 'Wooo Hooo, I can detect an attack fast', when in fact they clearly cannot detect the more important compromise.

The fact that 51% indicated they are or have been compromised again points towards Detect and Respond being where your InfoSec efforts should focus, NOT prevention, as clearly the prevention technique of buying security tools is NOT enough.

