Data breaches are taking longer to identify, says report

Out-Law News | 27 Apr 2016 | 4:28 pm | 1 min. read

It is taking organisations longer to identify breaches of their IT systems, according to research by telecommunications company Verizon.

In its annual data breach investigations report, Verizon found that the difference between the time it takes for data to be compromised and for that breach to be discovered is increasing. 

The time taken to compromise data is growing shorter, Verizon said. In part, this is due to the rise in successful 'phishing' attacks, where criminals trick users into downloading malicious software by opening an attachment. One in 10 phishing attempts is now successful, Verizon said, with around 30% of users opening messages and 12% clicking on attachments. This is an increase from 23% and 11% the year before.

Once an attachment is opened malware is "dropped" within seconds, Verizon said. Likewise, the physical compromise of ATMs and petrol pumps happens almost instantly.

"In the majority of confirmed data breaches, the modus operandi of nation-states as well as financially motivated attackers is to establish control via malware and, when successful, it is lightning fast," the report said.

Detection of the breaches, however, is slow, with most notification coming from external sources such as law enforcement and other third parties, Verizon said.

Breach response specialist Philip Kemp of Pinsent Masons, the law firm behind said this comes as no surprise.

"Detection methods just aren’t keeping up. It's taking longer to discover breaches as the sophistication of attacks, and the skillsets of the attackers behind them, continue to grow. It's an escalating arms race," he said.

"In some cases organisations have no idea they have been breached until they are told by law enforcement, which can be months or years after the initial breach. When this is combined with rising numbers of successful attacks based on human misjudgement, for example the increase in successful phishing attacks, it is clear that organisations need to pay close attention to both internal and external threats," Kemp said.

Verizon studied 64,199 incidents and 2,260 confirmed breaches in 82 countries, it said.