CYBER SECURITY: FOR DEFENDERS, IT’S ABOUT TIME

How does such a time lag affect risk? Risk, properly understood, involves the likelihood of a particular event, such as a data breach, and its potential business impact. Aberdeen has developed a simple Monte Carlo analysis to assess risk in a number of security categories.

In a recent report, Aberdeen Group leveraged Verizon Data Breach Investigations Report data to uncover the distribution of attacker “dwell times,” i.e., the total time in days from attacker compromise to defender detection.

The median attacker dwell time for data breaches between 2014 and 2016 was about 38 days. This means that in half of the successful data breaches, detection by the defenders took five to six weeks or less. In the other half, detection took as long as four years!

Aberdeen’s report used this analysis to provide four illustrative examples showing how recapturing an advantage of time can help defenders reduce risk.

Time and Data Protection

Indeed, by incorporating this assumption into Aberdeen’s Monte Carlo analysis, it turns out that responding twice as fast to data breaches can lower the business impact by about 30%.

Data loss is not the only consequence of a security incident. Sophisticated attacks on enterprise networks and network-based services can also result in substantial business impact involving both the availability and performance of enterprise systems.

Based on insights from empirical data on DDoS attacks, Aberdeen discovered that the business impact from a sustained disruption in availability grows continually from the time of compromise to the time of remediation.

The impact of time on data centre and cloud security can best be understood by considering the time, cost, and complexity of a traditional vendor patching approach to databases and applications.

Looking at the impact of this disruption on revenue and user productivity, and factoring in the cost of administrative staff, Aberdeen estimates the business impact of a traditional, vendor patching approach to be between 1% and 8% of annual revenue, with a median value of about 4%.

There is an alternative to this approach: virtual patching (sometimes known as external patching or vulnerability shielding). With virtual patching, the window of vulnerability (i.e., the time from public disclosure to eventual mitigation) is substantially shorter. This significantly reduces the likelihood that enterprise databases and applications may be compromised at all.

The importance of time in the realm of endpoint security is amplified by the volume of vulnerabilities and exploits to which users are subjected, not to mention the increasing sophistication and targeted nature of attacks.

Security professionals are reducing the likelihood of endpoint security incidents through faster identification and containment of zero-day malware. They are also reducing the business impact of such incidents by adopting flexible approaches to response that sustain the productivity of users and improve the productivity of responders.

Enterprises need to recapture the advantage of time when it comes to cyber security risk. To this end, security organizations should prioritize investments in capabilities that are aligned with the current reality of threats and vulnerabilities.

Specifically, they should focus on capabilities designed to:

Reduce the likelihood and business impact of attacks while shortening detection and response times.

Maintain the productivity of users (e.g., minimize friction in workflows).

Increase the productivity of defenders (e.g., detect and resolve more threats and incidents, faster).

For more information, contact info@ss-limited.com or marketing@ss-limited.com

