How Long Does It Take to Detect a Cyber Attack?

Cyber attacks are an increasingly serious risk for organizations, but many senior employees believe that their organization won’t be targeted.

They might say that their organization is too small to be on attackers’ radars, or that they don’t have anything worth attacking.

But the truth is that cyber criminals are indiscriminate in their attacks and can almost always find something worth stealing.

Many companies that say they won’t be targeted will have already been breached – they just don’t know it yet.

The Mandiant Security Effectiveness Report 2020 found that 53% of successful cyber attacks infiltrate organizations without being detected, and 91% of all incidents didn’t generate an alert.

How to detect a cyber attack

Organizations’ ability – or inability – to detect cyber attacks has tangible effects on their productivity and profitability.

Various reports have noted a correlation between the time it takes to spot an intrusion and the recovery cost.

An IBM study estimated that organizations that contained a breach in under 30 days saved more than $1 million compared to those that took longer.

Meanwhile, a Ponemon Institute report suggests that organizations should aim to identify a breach within 100 days.

The average cost of identifying a breach within this time was $5.99 million, but for breaches that took longer to identify, the average cost rose to $8.70 million.

There is a similar correlation in terms of containing a breach. Breaches that took less than 30 days to contain had an average cost of $5.87 million, but this rose to $8.83 million for breaches that took longer to contain.

The good news is that organizations have become significantly better at containing breaches, with the average time dropping from 70 days in 2016 to 55 days.

How are compromises detected?

The majority of breached organizations are notified by someone other than their own staff, according to Mandiant’s M-Trends 2020 report. It found that 53% of breaches were discovered by an external source.

The most common external source for identifying data breaches is law enforcement.

Data breaches are almost always contained sooner if detected by an organization’s staff.

By conducting routine assessments of potential vulnerabilities in your organization, you can avoid having to rely on external sources. You’ll save money, mitigate the damage of breaches, and perhaps even identify vulnerabilities before a breach takes place.

This is where penetration testing comes in. It’s essentially a controlled form of hacking in which a professional tester, working on behalf of an organization, uses the same techniques as a criminal hacker to search for vulnerabilities in the company’s networks or applications.

Penetration testing

IT Governance offers fixed-price and custom CREST-accredited penetration tests. All our tests are followed by reports that rank and rate vulnerabilities in your systems.
