BroadwayWorld reports on a new cyber security survey, which shows that 80 percent of IT professionals think they can detect a data breach within a week. That would be great news if it were true. In the real world, detecting a data breach can be like finding a needle in a haystack.
The survey was taken at the Black Hat security conference, so maybe the participants – many of the industry's top minds – were feeling bullish on their powers of perception. They responded as follows:
- 51 percent said they can identify a data breach between 24 and 48 hours after it occurred.
- 18 percent said they could detect a breach within three days.
- 11 percent said they could spot a data breach within a week.
However, according to Mandiant's 2014 report, the average detection time for a breach is 229 days. That's a long time for a business to hemorrhage data to cyber thieves.
In order to understand why there's a discrepancy between what security folks think they can achieve and what the numbers show, let's look at how breaches are identified.
IT Consultant Conundrum: Why Is It Hard to Identify Data Breaches?
Security software flags things it considers to be potential threats, but there's a problem. So many things get flagged that it's incredibly hard for IT professionals to know which threats are significant.
Take, for example, the Target data breach. As we covered in our blog post, "When a Client's Data Breach Is Good News," like many companies, Target was running top-flight security software. So how was the company breached? Well, its FireEye software correctly identified and flagged the malware that ended up infecting the retail giant's computers. Unfortunately, the company's security consultants get hundreds of these flagged warnings every day, the vast majority of which are absolutely harmless.
In fact, many normal company processes get flagged, so consultants get in the habit of approving them. Security software can identify threats, but it gives too many false positives to be reliable. With malware attacks surrounded by countless false positives, it truly is like finding a needle in a haystack.
Human Error and Data Breaches: Understanding Your Limits and Liability
IT security analysts overestimate their ability to spot and neutralize a data breach. But as a business owner, you can't afford to be overly confident and assume that you'll be able to stop every attack and prevent every data breach. That kind of hubris can lead to lawsuits and the tremendous legal costs that come with them.
Here are some pitfalls to avoid:
- Overestimating the strength of your security software. As we saw above, even the best anti-malware software has flaws.
- Overpromising to clients. Clients want you to guarantee that their system is perfectly secure. As you know, that's impossible. The only way to make a network secure is to unplug it (and that's not going to happen). Present yourself as a realist, and guide your clients through practical and effective solutions.
- Underestimating data breach prevention. Prevention is just as important as security infrastructure. Make efforts to minimize your client's network exposures. Data consolidation, encryption, and other preventive techniques are vital for limiting risks.
- Being unprepared for data breach lawsuits. If you're sued for a data breach or other IT issue, your business may not survive the hit. Simply put, lawsuits are expensive. If you can't afford a six-figure legal bill, you could be forced into bankruptcy.
Going forward, it's important to understand that IT security consultants are not invincible. You need to take a proactive approach to risk management.
One way to do that is to ensure your business has Professional Liability Insurance for IT consultants. This coverage pays for data breach lawsuits and other disputes over your work.