A vast majority of organizations that suffer malicious network intrusions do not detect the breach themselves, a new global security report from Trustwave showed.

External Versus Internal Detection

Trustwave analyzed data from over 574 data breach investigations in 2014 and discovered that in 81 percent of the cases, an external party notified the victims of the compromise.

In such situations, the median length of time it took for an organization to detect a breach was 126 days, compared to 108 days in 2013. In situations where an external party notified the victim of a data breach, the median length of time from initial intrusion to containment was 111 days.

In contrast, companies that discovered breaches on their own tended to be much quicker at discovering and mitigating the issue, the report showed. The median length of time to detect a breach was just 10 days when companies found them on their own, and half took just one day to mitigate the threat after detecting it. The median length of time between initial intrusion and mitigation was just over 14 days in situations where organizations identified a breach themselves.

Significant Trends From the Global Security Report

The numbers are important because the length of time an intrusion remains undetected and the manner in which the intrusion is detected can have a significant impact on the severity of a breach.

The Home Depot breach, which exposed data on over 56 million debit and credit cards, remained undetected for over four months. The retailer did not discover the intrusion until its banking partners and law enforcement notified it about a potential issue, according to a corporate announcement.

Several other organizations that have suffered similarly large compromises have had the same experience. Another example is retailer Neiman Marcus, which took four months to discover an intrusion that ended up compromising data on some 1.1 million credit and debit cards, The New York Times reported.

The longer a data breach lasts and the longer an attacker occupies the network gathering data, the more costly the breach is likely to be, Trustwave noted.

Web Application Flaws a Major Worry

The company’s global security report also showed that Web application vulnerabilities continue to pose a major threat for enterprises. A full 98 percent of applications that Trustwave encountered in its breach investigations had at least one vulnerability. The largest number of flaws in a single application was 747. Meanwhile, the median number of flaws in an average application hit 20, an increase of 43 percent.

Roughly 35 percent of the flaws that Trustwave discovered were of the information-leakage variety. Examples of such flaws included form-caching vulnerabilities and application exception handling issues. Cross-site scripting flaws, which have long been the bane of Web applications, dwindled somewhat in 2014, but the number of SQL injection errors, which are another major issue, increased by 10 percent. About 15 percent of the data breaches that Trustwave investigated in 2014 involved input validation errors such as SQL injection vulnerabilities, the report noted.

Retailers Are the Most Frequent Victims

More than half of the compromises analyzed for the report occurred in the U.S., with retailers accounting for a substantial proportion of the breached entities. About 43 percent of Trustwave’s investigations involved retailers, 13 percent were from the food and beverage industry and 12 percent of the victims belonged to the hospitality sector. In a majority of the cases, intruders gained access to these entities by taking advantage of weak remote access security and weak passwords. Together, these two weaknesses enabled over 55 percent of the breaches investigated last year, Trustwave said.

If companies are to limit the damage done by data breaches, they must buff up their security detection measures to ensure a fast reaction time to problems. Having an incident response plan in place, investing in security infrastructure and proactively setting up safeguards against cybercriminals can help avoid major events.

More from

Data Privacy: How the Growing Field of Regulations Impacts Businesses

The proposed rules over artificial intelligence (AI) in the European Union (EU) are a harbinger of things to come. Data privacy laws are becoming more complex and growing in number and relevance. So, businesses that seek to become — and stay — compliant must find a solution that can do more than just respond to current challenges. Take a look at upcoming trends when it comes to data privacy regulations and how to follow them. Today's AI Solutions On April…

Why Zero Trust Works When Everything Else Doesn’t

The zero trust security model is proving to be one of the most effective cybersecurity approaches ever conceived. Zero trust — also called zero trust architecture (ZTA), zero trust network architecture (ZTNA) and perimeter-less security — takes a "default deny" security posture. All people and devices must prove explicit permission to use each network resource each time they use that resource. Using microsegmentation and least privileged access principles, zero trust not only prevents breaches but also stymies lateral movement should a breach…

5 Golden Rules of Threat Hunting

When a breach is uncovered, the operational cadence includes threat detection, quarantine and termination. While all stages can occur within the first hour of discovery, in some cases, that's already too late.Security operations center (SOC) teams monitor and hunt new threats continuously. To ward off the most advanced threats, security teams proactively hunt for ones that evade the dashboards of their security solutions.However, advanced threat actors have learned to blend in with their target's environment, remaining unnoticed for prolonged periods. Based…

Third-Party App Stores Could Be a Red Flag for iOS Security

Even Apple can’t escape change forever. The famously restrictive company will allow third-party app stores for iOS devices, along with allowing users to “sideload” software directly. Spurring the move is the European Union’s (EU) Digital Markets Act (DMA), which looks to ensure open markets by reducing the ability of digital “gatekeepers” to restrict content on devices. While this is good news for app creators and end-users, there is a potential red flag: security. Here’s what the compliance-driven change means for…