Does Your Organization Have the Tools to Detect If It’s Been Hacked?

On average, it takes organizations 212 days to identify a security breach and 75 days to contain it, according to the 2021 Cost of a Data Breach Report by the Ponemon Institute and IBM. Breaches that took more than 200 days to identify and contain cost 35 percent more than those that were contained in less than 200 days.

Note that 287 total days is the average. Breaches involving compromised credentials took 250 days to identify and 91 days to contain.

A hacker can live inside an organization’s IT environment for months without being detected. Unless the hacker makes a mistake or takes aggressive action — accidentally damages a system or intentionally makes something inoperable — they can simply be quiet and continue to exfiltrate data.

However, the hacker typically leaves a backdoor open so that he can come and go. What often happens is that another hacker will find that door and try to hold the company hostage.

A Cautionary Tale

DeSeMa recently worked with an organization that was hit with three ransomware attacks in one weekend because an earlier hacker had left a backdoor into their systems. There was no way to recover the data because the data encrypted by the first group was encrypted again by the second and again by the third. It was just trashed.

There was no way to restore from backup because the ransomware had gone after their backups, too. The organization was able to recover some old backups but had to spend a significant amount of time rebuilding its systems and data.

This example points to the critical importance of having effective tools for monitoring systems and detecting anomalous behavior that could indicate an attack. Additionally, organizations need to have personnel whose role is to pay attention to those systems, and well-defined processes for analyzing security event data and responding to a suspected breach.

Why Incident Response Is Critical

Despite a hacker’s efforts to go unnoticed, there generally are clues that an attack is taking place. The hacker counts on the amount of “noise” generated by systems, firewalls and other devices. Few organizations have tools to filter out that noise and gain the actionable intelligence needed to detect an attack in progress. In some cases, an organization has the right tools but they aren’t deployed properly or at all.

IT teams are so busy they cannot keep pace with all the events and alerts. Furthermore, just 26 percent of organizations have an effective incident response plan, according to a recent Ponemon study on cyber resilience. More than half (51 percent) have plans that are inconsistent, informal or ad hoc. As a result, few organizations can tell that they’ve been compromised until the issue has become critical and impacts business.

How DeSeMa Can Help

DeSeMa’s consultants can sit down with key stakeholders to discuss your organization’s risk tolerance, regulatory compliance requirements and the threats that are most likely to impact your systems. We can help you identify your most critical systems and data so that the threats most likely to affect your operations are given the highest priority.

The DeSeMa team can then conduct a thorough analysis of your environment to identify gaps in your security monitoring and event management systems. Do you have the right tools? Are they deployed? Are they configured so that you have the information you need to make informed decisions about threat response? Are you able to scale your environment to address a growing attack surface and ever-increasing numbers of threats?

It takes most organizations the better part of a year to identify and contain a security breach. Let DeSeMa help you shorten that timeframe and thereby reduce the cost and business impact of the incident.
