June 10, 2015 By Jaikumar Vijayan 3 min read

A vast majority of organizations that suffer malicious network intrusions do not detect the breach themselves, a new global security report from Trustwave showed.

External Versus Internal Detection

Trustwave analyzed data from over 574 data breach investigations in 2014 and discovered that in 81 percent of the cases, an external party notified the victims of the compromise.

In such situations, the median length of time it took for an organization to detect a breach was 126 days, compared to 108 days in 2013. In situations where an external party notified the victim of a data breach, the median length of time from initial intrusion to containment was 111 days.

In contrast, companies that discovered breaches on their own tended to be much quicker at discovering and mitigating the issue, the report showed. The median length of time to detect a breach was just 10 days when companies found them on their own, and half took just one day to mitigate the threat after detecting it. The median length of time between initial intrusion and mitigation was just over 14 days in situations where organizations identified a breach themselves.

Significant Trends From the Global Security Report

The numbers are important because the length of time an intrusion remains undetected and the manner in which the intrusion is detected can have a significant impact on the severity of a breach.

The Home Depot breach, which exposed data on over 56 million debit and credit cards, remained undetected for over four months. The retailer did not discover the intrusion until its banking partners and law enforcement notified it about a potential issue, according to a corporate announcement.

Several other organizations that have suffered similarly large compromises have had the same experience. Another example is retailer Neiman Marcus, which took four months to discover an intrusion that ended up compromising data on some 1.1 million credit and debit cards, The New York Times reported.

The longer a data breach lasts and the longer an attacker occupies the network gathering data, the more costly the breach is likely to be, Trustwave noted.

Web Application Flaws a Major Worry

The company’s global security report also showed that Web application vulnerabilities continue to pose a major threat for enterprises. A full 98 percent of applications that Trustwave encountered in its breach investigations had at least one vulnerability. The largest number of flaws in a single application was 747. Meanwhile, the median number of flaws in an average application hit 20, an increase of 43 percent.

Roughly 35 percent of the flaws that Trustwave discovered were of the information-leakage variety. Examples of such flaws included form-caching vulnerabilities and application exception handling issues. Cross-site scripting flaws, which have long been the bane of Web applications, dwindled somewhat in 2014, but the number of SQL injection errors, which are another major issue, increased by 10 percent. About 15 percent of the data breaches that Trustwave investigated in 2014 involved input validation errors such as SQL injection vulnerabilities, the report noted.

Retailers Are the Most Frequent Victims

More than half of the compromises analyzed for the report occurred in the U.S., with retailers accounting for a substantial proportion of the breached entities. About 43 percent of Trustwave’s investigations involved retailers, 13 percent were from the food and beverage industry and 12 percent of the victims belonged to the hospitality sector. In a majority of the cases, intruders gained access to these entities by taking advantage of weak remote access security and weak passwords. Together, these two weaknesses enabled over 55 percent of the breaches investigated last year, Trustwave said.

If companies are to limit the damage done by data breaches, they must buff up their security detection measures to ensure a fast reaction time to problems. Having an incident response plan in place, investing in security infrastructure and proactively setting up safeguards against cybercriminals can help avoid major events.

More from

How will the Merck settlement affect the insurance industry?

3 min read - A major shift in how cyber insurance works started with an attack on the pharmaceutical giant Merck. Or did it start somewhere else?In June 2017, the NotPetya incident hit some 40,000 Merck computers, destroying data and forcing a months-long recovery process. The attack affected thousands of multinational companies, including Mondelēz and Maersk. In total, the malware caused roughly $10 billion in damage.NotPetya malware exploited two Windows vulnerabilities: EternalBlue, a digital skeleton key leaked from the NSA, and Mimikatz, an exploit…

3 Strategies to overcome data security challenges in 2024

3 min read - There are over 17 billion internet-connected devices in the world — and experts expect that number will surge to almost 30 billion by 2030.This rapidly growing digital ecosystem makes it increasingly challenging to protect people’s privacy. Attackers only need to be right once to seize databases of personally identifiable information (PII), including payment card information, addresses, phone numbers and Social Security numbers.In addition to the ever-present cybersecurity threats, data security teams must consider the growing list of data compliance laws…

ICS CERT predictions for 2024: What you need to know

4 min read - As we work through the first quarter of 2024, various sectors are continuously adapting to increasingly complex cybersecurity threats. Sectors like healthcare, finance, energy and transportation are all regularly widening their digital infrastructure, resulting in larger attack surfaces and greater risk exposure.Kaspersky just released their ICS CERT Predictions for this year, outlining the key cybersecurity challenges industrial enterprises will face in the year ahead. The forecasts emphasize the persistent nature of ransomware threats, the increasing prevalence of cosmopolitical hacktivism, insights…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today