Almost all organisations that have suffered a breach lost sensitive information, yet only 15 percent can identify a threat and just 12 percent can resolve the situation as soon as it happens
London—Thursday 4th June 2015—LogRhythm, the Security Intelligence company, today announced the results of a survey showing that almost half (46 percent) of organisations that have suffered a data breach took more than four months to detect a problem, and more than three months to mitigate the risk. Worryingly, the survey of 1,000 IT professionals, conducted by OnePoll on behalf of LogRhythm, also revealed that 70 percent of breaches were detected by a third-party, rather than the organisation itself. Perhaps unsurprisingly, 73 percent believe their company’s data is vulnerable to being hacked, while 47 percent think their company should be doing more to improve the time it takes to detect and respond to threats.
While 59 percent of IT professionals say poor cyber security practices can have a big impact on business growth, a corresponding survey of 2,000 consumers found that many employees lack the awareness required to identify potential threats. The survey revealed that 86 percent of UK consumers do not know what spearphishing is, while 40 percent of those that have fallen victim to such a ruse have ended up sharing confidential information. Despite this, two thirds (66 percent) of employees do not receive any training on how to stay safe online at work.
“It’s clear that even though big breaches are consistently making headlines around the world, businesses are still not doing enough to protect their networks from today’s threats. Every organisation today should see themselves as a target and have the necessary systems in place to identify and mitigate threats as soon as they arise – which is clearly not happening,” said Ross Brewer, vice president and managing director for international markets at LogRhythm. “While the maturity of an organisation’s security can vary dependent on budgets and its own risk tolerances, today’s threat landscape is such that if a hacker wants to get in, they will, which means every single organisation should seriously consider putting systems in place that will immediately alert them to suspicious activity.”
“What’s more, even the most bare-bones business needs to take greater responsibility for educating employees,” continues Brewer. “As the front-line of any business there is the very real danger that, without increased education, an employee could easily and unwittingly leave the door to sensitive information wide open.”
More positively, the survey indicated that employees are now less likely to steal data from an organisation than has been seen in previous LogRhythm research. Indeed, a similar survey from LogRhythm last year found that 38 percent of organisations did not have, or did not know of, any systems in place to stop employees accessing information they shouldn’t. In this year’s research this figure fell to 29 percent.
“This is a very positive step forward and shows that organisations are waking up to the insider threat. Over the last 12 months there have been a number of high profile breaches perpetrated by employees and this may have encouraged businesses to pay closer attention to internal goings-on,” said Brewer. “Clearly we are making moves in the right direction, and next year I hope we’ll see similar improvements in the time it takes businesses to detect and respond to breaches.”
LogRhythm empowers more than 4,000 customers across the globe to measurably mature their security operations program. LogRhythm’s award-winning NextGen SIEM Platform delivers comprehensive security analytics; user and entity behavior analytics (UEBA); network detection and response (NDR); and security orchestration, automation, and response (SOAR) within a single, integrated platform for rapid detection, response, and neutralization of threats. Built by security professionals for security professionals, LogRhythm enables security professionals at leading organizations like Cargill, NASA, and XcelEnergy to promote visibility for their cybersecurity program and reduce risk to their organization each and every day. LogRhythm is the only provider to earn the Gartner Peer Insights’ Customer Choice for SIEM designation three years in a row. To learn more, please visit logrhythm.com.