Recommendations include a strategy for mitigating liabilities, in
addition to preventive controls such as authentication, access control
lists and firewalls.
More than 40 percent of security professionals have no
or very limited automated capabilities, including real-time alerts or
daily/weekly reporting, to detect data breaches, according to a survey
conducted by Varonis, a data protection specialist.
The survey finds
that 24 percent of respondents did not have any automation technologies
to detect breaches by monitoring for privilege escalations, suspicious
data access, file access changes or unusual email event activity, while
another 19 percent had a basic capability to detect some of these
situations.
Surprisingly, the survey reveals that only 6 percent of
respondents could monitor for these events in real time. "The findings
were particularly alarming in light of the fact that, since there's no
perfect system of safeguards, a breach by hackers, other unauthorized
users and authorized users that abuse their access is inevitable," David
Gibson, Varonis vice president, said in a statement.
The study, based on a poll of 248 security professionals at Infosecurity
events in Orlando, Fla., and London, also finds that only 28 percent of
respondents have the capability to detect suspicious access to data.
Although attacks can't always be prevented, companies need to be able to
detect what they don't prevent, stated Gibson.
"In other words, businesses must assume that as long as they store
sensitive data, someone will try to get to it, and a hacker or an
insider will gain access at some point," Gibson added. "Therefore, Plan B
detection methods are vital in stopping breaches as soon as they start,
thereby limiting the damage."
The survey finds that only 29 percent of respondents have the
ability to detect when sensitive data files have been accessed or
created, which is a problem because an IT department's "ability to track
this data is key to breach-mitigation efforts."
Attackers target the finance, retail and food industries, as well as
point-of-sale (POS) devices, databases and desktops, according to
Verizon's 2013 Data Breach Investigations Report. Supporting Varonis'
survey results, the Verizon report
finds that 69 percent of breaches were discovered by external parties,
and 66 percent of breaches took months or more to discover.
Because security breaches are a certainty, it makes sense to have a Plan
B, or a strategy for mitigating liabilities, in addition to preventive
controls such as authentication, access control lists and firewalls,
according to Gibson. He recommends techniques for detecting and
monitoring unusual system events, as well as detective controls that
track and analyze user, file system and OS activity for anomalous
patterns.
The good news is that large enterprises are doing a better job of
finding anomalous file and system events. Case in point: 36 percent of
respondents at large enterprises use automated techniques to detect file
access control changes, compared with an overall average of 28 percent,
and 37 percent use automation to detect privilege escalation, compared
with a 30 percent average.