June 10, 2015 By Jaikumar Vijayan 3 min read

A vast majority of organizations that suffer malicious network intrusions do not detect the breach themselves, a new global security report from Trustwave showed.

External Versus Internal Detection

Trustwave analyzed data from over 574 data breach investigations in 2014 and discovered that in 81 percent of the cases, an external party notified the victims of the compromise.

In such situations, the median length of time it took for an organization to detect a breach was 126 days, compared to 108 days in 2013. In situations where an external party notified the victim of a data breach, the median length of time from initial intrusion to containment was 111 days.

In contrast, companies that discovered breaches on their own tended to be much quicker at discovering and mitigating the issue, the report showed. The median length of time to detect a breach was just 10 days when companies found them on their own, and half took just one day to mitigate the threat after detecting it. The median length of time between initial intrusion and mitigation was just over 14 days in situations where organizations identified a breach themselves.

Significant Trends From the Global Security Report

The numbers are important because the length of time an intrusion remains undetected and the manner in which the intrusion is detected can have a significant impact on the severity of a breach.

The Home Depot breach, which exposed data on over 56 million debit and credit cards, remained undetected for over four months. The retailer did not discover the intrusion until its banking partners and law enforcement notified it about a potential issue, according to a corporate announcement.

Several other organizations that have suffered similarly large compromises have had the same experience. Another example is retailer Neiman Marcus, which took four months to discover an intrusion that ended up compromising data on some 1.1 million credit and debit cards, The New York Times reported.

The longer a data breach lasts and the longer an attacker occupies the network gathering data, the more costly the breach is likely to be, Trustwave noted.

Web Application Flaws a Major Worry

The company’s global security report also showed that Web application vulnerabilities continue to pose a major threat for enterprises. A full 98 percent of applications that Trustwave encountered in its breach investigations had at least one vulnerability. The largest number of flaws in a single application was 747. Meanwhile, the median number of flaws in an average application hit 20, an increase of 43 percent.

Roughly 35 percent of the flaws that Trustwave discovered were of the information-leakage variety. Examples of such flaws included form-caching vulnerabilities and application exception handling issues. Cross-site scripting flaws, which have long been the bane of Web applications, dwindled somewhat in 2014, but the number of SQL injection errors, which are another major issue, increased by 10 percent. About 15 percent of the data breaches that Trustwave investigated in 2014 involved input validation errors such as SQL injection vulnerabilities, the report noted.

Retailers Are the Most Frequent Victims

More than half of the compromises analyzed for the report occurred in the U.S., with retailers accounting for a substantial proportion of the breached entities. About 43 percent of Trustwave’s investigations involved retailers, 13 percent were from the food and beverage industry and 12 percent of the victims belonged to the hospitality sector. In a majority of the cases, intruders gained access to these entities by taking advantage of weak remote access security and weak passwords. Together, these two weaknesses enabled over 55 percent of the breaches investigated last year, Trustwave said.

If companies are to limit the damage done by data breaches, they must buff up their security detection measures to ensure a fast reaction time to problems. Having an incident response plan in place, investing in security infrastructure and proactively setting up safeguards against cybercriminals can help avoid major events.

More from

Cybersecurity dominates concerns among the C-suite, small businesses and the nation

4 min read - Once relegated to the fringes of business operations, cybersecurity has evolved into a front-and-center concern for organizations worldwide. What was once considered a technical issue managed by IT departments has become a boardroom topic of utmost importance. With the rise of sophisticated cyberattacks, the growing use of generative AI by threat actors and massive data breach costs, it is no longer a question of whether cybersecurity matters but how deeply it affects every facet of modern operations.The 2024 Allianz Risk…

Autonomous security for cloud in AWS: Harnessing the power of AI for a secure future

3 min read - As the digital world evolves, businesses increasingly rely on cloud solutions to store data, run operations and manage applications. However, with this growth comes the challenge of ensuring that cloud environments remain secure and compliant with ever-changing regulations. This is where the idea of autonomous security for cloud (ASC) comes into play.Security and compliance aren't just technical buzzwords; they are crucial for businesses of all sizes. With data breaches and cyber threats on the rise, having systems that ensure your…

Adversarial advantage: Using nation-state threat analysis to strengthen U.S. cybersecurity

4 min read - Nation-state adversaries are changing their approach, pivoting from data destruction to prioritizing stealth and espionage. According to the Microsoft 2023 Digital Defense Report, "nation-state attackers are increasing their investments and launching more sophisticated cyberattacks to evade detection and achieve strategic priorities."These actors pose a critical threat to United States infrastructure and protected data, and compromising either resource could put citizens at risk.Thankfully, there's an upside to these malicious efforts: information. By analyzing nation-state tactics, government agencies and private enterprises are…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today