Companies Lack Real-Time Breach-Detection Capabilities: Survey
Recommendations include a strategy for mitigating liabilities, in addition to preventive controls such as authentication, access control lists and firewalls.
More than 40 percent of security professionals have no or very limited automated capabilities, including real-time alerts or daily/weekly reporting, to detect data breaches, according to a survey conducted by Varonis, a data protection specialist.
The survey finds that 24 percent of respondents did not have any automation technologies to detect breaches by monitoring for privilege escalations, suspicious data access, file access changes or unusual email event activity, while another 19 percent had a basic capability to detect some of these situations. Surprisingly, the survey reveals that only 6 percent of survey respondents could monitor for these events in real time.
"The findings were particularly alarming in light of the fact that, since there's no perfect system of safeguards, a breach by hackers, other unauthorized users and authorized users that abuse their access is inevitable," David Gibson, Varonis vice president, said in a statement.
The study, based on a poll of 248 security professionals at Infosecurity events in Orlando, Fla., and London, also finds that only 28 percent of respondents have the capability to detect suspicious access to data. Although attacks can't always be prevented, companies need to be able to detect what they don't prevent, stated Gibson.
"In other words, businesses must assume that as long as they store sensitive data, someone will try to get to it, and a hacker or an insider will gain access at some point," Gibson added. "Therefore, Plan B detection methods are vital in stopping breaches as soon as they start, thereby limiting the damage."