Businesses take 7 months to detect intruders

Corporations are taking an average of seven months to detect system breaches despite most having access to forensic information in their logs, Verizon has warned.

According to Bryan Sartin, vice president of Verizon's Research Investigations Solutions Knowledge (RISK) team, the statistic indicated a need for more security information sharing across organisations.

“That seven month window, the clues to the intrusion are there in plain English in the server logs,” Sartin told the Australian Information Security Association (AISA) conference in Sydney this week.

“There needs to be more information sharing. Ninety percent of crimes could be prevented with simple security measures.”

Verizon's RISK team collaborates with entities such as the Australian Federal Police and the US Secret Service, and has been undertaking forensic investigations of data breaches for the last eight years.

Companies losing data to security breaches generally weren’t the Fortune 500 targets usually highlighted in the press, Sartin noted, echoing findings of Verizon's 2011 Data Breach Investigations report.

Instead, he said financial thieves tended to target small and medium sized enterprises, which were losing financial information such as credit card details to cyber criminals.

Hactivism on the rise

Sartin said the level of financial crime was generally falling in comparison to the rise in hacktivism, and in cyber espionage.

“There’s been a landscape shift in the last year in terms of a change in modus operandi for cyber criminals,” he noted.

“Financial crimes are dropping as an overall proportion of data breaches, but hacktivism and cyber espionage are rising to make up the gap.”

Data breaches at large organisations tended be cases of cyber espionage, Sartin noted, with criminals targeting industrial and trade secrets as a means of boosting the competitiveness of indigenous industries.

Sartin also noted the recurrence of types of crimes such as data breaches, DDOS and so forth.

There was very little technical innovation by cyber criminals, he said, describing banner attacks, such as the use of Stuxnet against the Iranian nuclear program, as the exception rather than the rule.

“We very rarely see anything that’s very interesting,” he said. “It’s the same old stuff over and over again, a bit like a broken record.”

In fact, Sartin said, crimes were actually becoming less complex, because potential cyber crooks were taking advantage of tools and techniques readily available for download on the internet.

End users and their log on credentials were a particularly commonly targeted vulnerability. Sartin said most attacks came from remote access regimes designed to allow employees to work from home, or for remote diagnostics.

“Seventy four percent of all points of entry are through remote access,” he said.