May 4, 2015 By Jaikumar Vijayan 2 min read

A new survey by MeriTalk reveals many government agencies may have an overly optimistic estimate about the length of time cyberthreats remain undetected on government networks.

Optimistic Estimates

MeriTalk, a public-private partnership focused on improving government IT security, surveyed 302 cybersecurity professionals from federal, state and local government agencies about their current state of cybersecurity preparedness. Conducted in March, the study found that respondents estimate cyberthreats, including intrusions, existed on their networks for an average of just 16 days before being detected.

That figure is far lower than the dwell times reported in incidents where government entities actually suffered a recent breach.

The Reality

Big data vendor Splunk, which underwrote the MeriTalk study, points to last year’s breach at government security clearance contractor USIS as one example. In that incident, personal records belonging to an estimated 25,000 U.S. Department of Homeland Security employees were exposed, and the contractor was unaware of the intrusion for months.

Security vendor Mandiant, which has performed forensic investigations into numerous data breaches over the past few years, reported last year that the median time threat actors remain undetected on a victim’s network is 229 days. The longest any attacker was found to have remained undetected on a victim’s network was an astounding 2,287 days.

“There are a number of reports focused more broadly on commercial and public-sector organizations, suggesting that attackers are present on victim networks for an average of over 200 days before they were discovered,” a Splunk representative said in an email.

Lack of Visibility Into Government Networks

Against that background, the MeriTalk survey results seem startling. The two figures are not strictly like for like: the survey number is a self-reported average across all respondents, while Mandiant’s is a median measured in investigations of organizations already known to have been compromised. Even allowing for that, the gap is more than an order of magnitude.

“This shows that most public-sector agencies are far more optimistic than the reality,” according to Splunk.

Respondents in the MeriTalk survey reported collecting more threat-related data than ever before from sources such as vulnerability scans, mail logs, virtual private network logs and Dynamic Host Configuration Protocol logs. However, many are struggling to make sense of the data deluge, the report also showed.

Nearly 7 in 10 government cybersecurity professionals reported being overwhelmed by the volume of data their security systems collect. Some 78 percent said at least some of that data goes unanalyzed because they have neither the time nor the resources to examine it.

Ignoring Alerts

This statistic is important. Organizations have deployed numerous security controls over the years, many of which generate alerts on network intrusions and other malicious activity. Such alerts are often ignored, both because of the sheer volume the systems produce and because no one has the time or resources to inspect them. In the Target breach, for instance, the company acknowledged that one of its alerting systems had warned of the intrusion, but the alerts were not acted upon at the time and came to light only after the breach was discovered.

The survey found 70 percent of government agencies are able to conduct a root-cause analysis of a security incident to find out what caused it. Even then, the analysis succeeded only 49 percent of the time. Nearly 90 percent of the cybersecurity professionals surveyed said they are unable to tell a complete story with the security data they gather, according to Splunk.

“These findings validate the fact that most are not using a single platform to address their needs,” the company said. “Data is everywhere. It’s disconnected, siloed.”
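The survey’s two complaints, data collected but never analyzed and data that cannot be stitched into a complete story, come down to one mechanical problem: an IDS alert names only an internal IP address, and turning that into “which host, which user, since when” requires joining it against the DHCP and VPN logs the respondents say they already collect. The script below is an added example, not code from MeriTalk, Splunk or the survey. All log lines and their formats are constructed for illustration (the DHCPACK, VPN session and IDS line shapes are assumptions, as are the hostnames, usernames and addresses). It resolves each alert’s source IP to whoever held that address at that moment, flags alerts nobody can be attributed to, and computes the dwell time from the first alert to the day the incident was actually recognized. It also shows the classic mistake a time-unaware lookup makes when a DHCP address is re-leased to a different machine.

```python
"""Join siloed IDS, DHCP and VPN logs into one attributed timeline.

Added example. Every log line below is constructed; the formats are
assumptions, not those of any particular product.
"""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# --- constructed sample logs (three separate silos) ------------------------
DHCP_LOG = """\
2015-03-02T08:12:05 dhcpd DHCPACK on 10.20.4.17 to 00:1a:2b:3c:4d:5e (ws-finance-07) lease 86400
2015-03-04T09:02:44 dhcpd DHCPACK on 10.20.4.17 to 00:9f:8e:7d:6c:5b (ws-hr-12) lease 86400
"""
VPN_LOG = """\
2015-03-03T07:58:30 vpn session start user=jsmith ip=10.99.0.8
2015-03-03T17:40:02 vpn session end user=jsmith ip=10.99.0.8
"""
IDS_LOG = """\
2015-03-02T10:31:50 ids alert src=10.20.4.17 msg="possible beacon"
2015-03-03T10:32:02 ids alert src=10.99.0.8 msg="possible beacon"
2015-03-03T12:00:00 ids alert src=10.20.4.99 msg="possible beacon"
2015-03-04T10:31:58 ids alert src=10.20.4.17 msg="possible beacon"
"""
# Day the incident was actually recognized (constructed), for dwell time.
DETECTED = datetime(2015, 3, 18, 12, 0)

DHCP_RE = re.compile(r"^(\S+) dhcpd DHCPACK on (\S+) to \S+ \((\S+)\) lease (\d+)$")
VPN_RE = re.compile(r"^(\S+) vpn session (start|end) user=(\S+) ip=(\S+)$")
IDS_RE = re.compile(r'^(\S+) ids alert src=(\S+) msg="([^"]*)"$')


@dataclass(frozen=True)
class Lease:
    """An interval during which `ip` belonged to `identity` (host or user)."""
    start: datetime
    end: datetime
    ip: str
    identity: str
    source: str  # "dhcp" or "vpn"


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%S")


def parse_dhcp(text):
    """DHCPACK lines carry the lease length, so each one is a closed interval."""
    leases = []
    for line in text.splitlines():
        m = DHCP_RE.match(line)
        if m:
            start = parse_ts(m.group(1))
            end = start + timedelta(seconds=int(m.group(4)))
            leases.append(Lease(start, end, m.group(2), m.group(3), "dhcp"))
    return leases


def parse_vpn(text):
    """Pair session start/end lines; a session with no end yet is still open."""
    open_sessions, leases = {}, []
    for line in text.splitlines():
        m = VPN_RE.match(line)
        if not m:
            continue
        ts, kind, user, ip = parse_ts(m.group(1)), m.group(2), m.group(3), m.group(4)
        if kind == "start":
            open_sessions[(user, ip)] = ts
        elif (user, ip) in open_sessions:
            leases.append(Lease(open_sessions.pop((user, ip)), ts, ip, user, "vpn"))
    for (user, ip), start in open_sessions.items():
        leases.append(Lease(start, datetime.max, ip, user, "vpn"))
    return leases


def parse_ids(text):
    return [(parse_ts(m.group(1)), m.group(2), m.group(3))
            for m in map(IDS_RE.match, text.splitlines()) if m]


def resolve(ip, at, leases):
    """Lease covering `ip` at time `at`; if renewals overlap, the latest start wins."""
    hits = [l for l in leases if l.ip == ip and l.start <= at < l.end]
    return max(hits, key=lambda l: l.start, default=None)


def naive_resolve(ip, leases):
    """Time-unaware lookup (latest holder of the IP). Wrong once the IP is re-leased."""
    hits = [l for l in leases if l.ip == ip]
    return max(hits, key=lambda l: l.start, default=None)


def build_timeline(alerts, leases):
    """One row per alert: (time, ip, identity or UNATTRIBUTED, silo, message)."""
    rows = []
    for ts, ip, msg in alerts:
        lease = resolve(ip, ts, leases)
        rows.append((ts, ip, lease.identity if lease else "UNATTRIBUTED",
                     lease.source if lease else "-", msg))
    return sorted(rows)


def dwell_days(timeline, detected):
    """Whole days between the earliest alert and the moment the incident was detected."""
    return (detected - min(ts for ts, *_ in timeline)).days


def example_timeline():
    return build_timeline(parse_ids(IDS_LOG), parse_dhcp(DHCP_LOG) + parse_vpn(VPN_LOG))


if __name__ == "__main__":
    for row in example_timeline():
        print(*row)
    print("dwell time in days:", dwell_days(example_timeline(), DETECTED))
```

Two details carry the lesson. The alert on 10.20.4.99 has no lease in either silo, so it is reported as UNATTRIBUTED rather than silently dropped; that is the “incomplete story” the survey respondents describe, surfaced as a gap to chase. And `naive_resolve` blames ws-hr-12 for the 2 March alert on 10.20.4.17 because that machine is the latest holder of the address, while the time-aware `resolve` correctly returns ws-finance-07; anyone doing root-cause analysis from a flat IP-to-host table will misattribute re-leased addresses exactly this way.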
