Cyber-attack detection has come along in leaps and bounds over the past few years, and is still improving. It has also seen enormous investment and progress across the world, making it possible now to detect even the stealthiest and most innovative of attackers faster than ever before. For many years, security experts have vocally advocated the need for enterprises to invest evenly across Prediction, Prevention, Detection and Response. According to a survey conducted by cyber security company F-Secure, prevention still takes the lead in investment, with 40% of enterprises naming it as their highest cost. Detection is gradually climbing up the priority list, coming in as the second highest for 34% of enterprises, whilst Response is currently the lowest priority and spend for 44% of enterprises.
Most data breaches are opportunistic attacks against smaller companies unprepared for a sophisticated cyber-attack. According to Gartner, by the end of 2020, 60% of enterprise information security budgets will be allocated for rapid detection and response approaches, which is an increase from less than 30% in 2016. One major issue to consider is that there is still a large time gap between an attack being detected and the appropriate response actions being taken to contain and remediate it. According to the Ponemon Institute, it takes an average of 69 days to respond to an attack once it has been detected. The actual detection itself takes on average 100 days from the initial compromise. The median cost to resolve a breach is upwards of R350 000 per day. This is not counting other associated costs, such as system downtime, recovering lost or compromised data, restoring business-critical functions, paying regulatory fines, and managing both public relations and the increase in customer queries and communications. The faster a data breach can be contained by an organisation, the lower the cost and impact to the organisation.
There are a number of complex reasons for the response gap, but it is usually due to an organisation’s structural set-up, including how much investment is given to response. The major reasons for gaps in response times are attacks not being actioned appropriately, organisations not having the right technology to respond, and cyber skills shortages.
Such response gaps are problematic financially and for other reasons, and they are not sustainable against the current and evolving threat landscape. One reason is that evidence, and the learnings from it, fades over time. The longer it takes to respond, the greater the cost implications and the less an organisation can glean crucial information about the attack, including how the attackers got in, what they targeted, and whether they were successful – all of which is crucial to minimising the wide-ranging potential impacts. Forensic and log evidence, especially, suffers with the passage of time, in many cases because log retention periods are shorter than the time an attacker can realistically remain undetected, so logs from the initial compromise have already been rotated out by the time the investigation begins.
The fluidity of many IT estates means that technology gets updated, employees come and go, and companies get acquired by other companies. All of these contribute to evidence becoming obsolete or being deleted.
This is where F-Secure’s Rapid Detection and Response solution comes into the picture, helping organisations reduce their response gaps substantially in order to protect themselves against being compromised. Download the RDR Solution Overview and/or get the Product Facts, as well as the Broad Context Detection™ whitepaper.
Free 30-day trial:
F-Secure Rapid Detection & Response and F-Secure Computer Protection
Try out our top combination for 30 days – award-winning endpoint protection coupled with advanced threat detection and response to detect and stop breaches.
- Industry-leading Windows, Mac and Linux workstation security with protection against malware, trojans and backdoors
- Get immediate visibility into your IT environment and detect cyber attacks and IT problems in minutes
- Respond to threats with automation and guidance or get help with difficult threat detections from F-Secure