June 10, 2015 By Jaikumar Vijayan

A vast majority of organizations that suffer malicious network intrusions do not detect the breach themselves, a new global security report from Trustwave showed.

External Versus Internal Detection

Trustwave analyzed data from over 574 data breach investigations in 2014 and discovered that in 81 percent of the cases, an external party notified the victims of the compromise.

In such situations, the median length of time it took for an organization to detect a breach was 126 days, compared to 108 days in 2013. In situations where an external party notified the victim of a data breach, the median length of time from initial intrusion to containment was 111 days.

In contrast, companies that discovered breaches on their own tended to be much quicker at detecting and mitigating the issue, the report showed. The median length of time to detect a breach was just 10 days when companies found it on their own, and half took just one day to mitigate the threat after detecting it. The median length of time between initial intrusion and mitigation was just over 14 days in situations where organizations identified a breach themselves.

Significant Trends From the Global Security Report

The numbers are important because the length of time an intrusion remains undetected and the manner in which the intrusion is detected can have a significant impact on the severity of a breach.

The Home Depot breach, which exposed data on over 56 million debit and credit cards, remained undetected for over four months. The retailer did not discover the intrusion until its banking partners and law enforcement notified it about a potential issue, according to a corporate announcement.

Several other organizations that have suffered similarly large compromises have had the same experience. Another example is retailer Neiman Marcus, which took four months to discover an intrusion that ended up compromising data on some 1.1 million credit and debit cards, The New York Times reported.

The longer a data breach lasts and the longer an attacker occupies the network gathering data, the more costly the breach is likely to be, Trustwave noted.

Web Application Flaws a Major Worry

The company’s global security report also showed that Web application vulnerabilities continue to pose a major threat for enterprises. A full 98 percent of applications that Trustwave encountered in its breach investigations had at least one vulnerability. The largest number of flaws in a single application was 747. Meanwhile, the median number of flaws per application hit 20, an increase of 43 percent.

Roughly 35 percent of the flaws that Trustwave discovered were of the information-leakage variety. Examples of such flaws included form-caching vulnerabilities and application exception handling issues. Cross-site scripting flaws, which have long been the bane of Web applications, dwindled somewhat in 2014, but the number of SQL injection errors, which are another major issue, increased by 10 percent. About 15 percent of the data breaches that Trustwave investigated in 2014 involved input validation errors such as SQL injection vulnerabilities, the report noted.

Retailers Are the Most Frequent Victims

More than half of the compromises analyzed for the report occurred in the U.S., with retailers accounting for a substantial proportion of the breached entities. About 43 percent of Trustwave’s investigations involved retailers, 13 percent were from the food and beverage industry and 12 percent of the victims belonged to the hospitality sector. In a majority of the cases, intruders gained access to these entities by taking advantage of weak remote access security and weak passwords. Together, these two weaknesses enabled over 55 percent of the breaches investigated last year, Trustwave said.

If companies are to limit the damage done by data breaches, they must buff up their security detection measures to ensure a fast reaction time to problems. Having an incident response plan in place, investing in security infrastructure and proactively setting up safeguards against cybercriminals can help avoid major events.
