Security Magazine

Businesses Take 7 Months to Detect System Intruders

October 17, 2012

Corporations are taking an average of seven months to detect system breaches despite most having access to forensic information in their logs, Verizon has warned.

“That seven month window, the clues to the intrusion are there in plain English in the server logs,”  says Bryan Sartin, vice president of Verizon's Research Investigations Solutions Knowledge (RISK) team, at the Australian Information Security Association (AISA) conference in Sydney. “There needs to be more information sharing. Ninety percent of crimes could be prevented with simple security measures.”

Companies losing data to security breaches generally weren’t the Fortune 500 targets usually highlighted in the press, Sartin noted, citing findings from Verizon's 2011 Data Breach Investigations report. Instead, he said financial thieves tend to target small and medium sized enterprises, which were losing financial information such as credit card details to cyber criminals.

Sartin also said that thieves are not technically innovative: “We very rarely see anything that’s very interesting,” he said. “It’s the same old stuff over and over again, a bit like a broken record.”

In fact, Sartin said, crimes were actually becoming less complex, because potential cyber crooks were taking advantage of tools and techniques readily available for download on the internet.

End users and their log on credentials were a particularly commonly targeted vulnerability. Sartin said most attacks came from remote access regimes designed to allow employees to work from home, or for remote diagnostics.

“Seventy four percent of all points of entry are through remote access,” he said. (iTnews.com.au)