Prevention has long been regarded as the proven strategy for defending an organization against the risk of cyberattacks. However, the growing sophistication of cybercriminals makes it a challenge to prevent their activities. A single breach that is discovered too late can cost your business millions of dollars, damage its reputation, and even lead to worse scenarios.
Detecting cyberattacks has become harder as cybercrime keeps evolving and growing more sophisticated. When the cyber environment is constantly changing with malicious activity, cyber defenders need to think more strategically. 80% of IT experts surveyed in 2020 specifically said that prevention is the most challenging aspect of cybersecurity due to insufficient technology, a weak chain of in-house expertise, and the time needed to perform digital forensic analysis. 30% of the surveyed participants agreed with this statement: “My organization focuses on the detection of cyberattacks because prevention is perceived to be too difficult to achieve.” (1)
While prevention holds an important place in strategic cybersecurity decisions, organizations are moving towards rapid detection of threats and effective incident response. This is not happening out of the blue. According to the EY Global Information Security Survey 2020 (2), 60% of organizations have been under some sort of cyberattack, facing material incidents over the past year, and in 2019 an estimated US$654 billion was lost to cyberattacks among US companies alone.
What is the major issue?
Time. When a cyberattack is in progress or has already happened, IT and cybersecurity experts have limited time to inspect, analyze, and eventually detect the source of the attack before it causes serious damage to the organization. So, again: time. Slow threat detection and incident response platforms are, in these situations, more damaging than helpful. Any kind of delay can cost your business millions of dollars, because it gives cyber attackers time to carry out their malicious activities in “peace”, so that they eventually steal your data and cause your organization a lot of damage. On top of the financial damage, legal, regulatory, and reputational consequences will follow. Delay in incident response and direct detection has long been an issue in cybersecurity.
According to the Verizon investigation from 2019, 56% of breaches took months or longer to be discovered.
The global average time for identifying and containing a breach was 279 days, according to the Cost of a Data Breach Report 2019, Ponemon Institute and IBM Security.
It is like a stroke. If you are hit once, there is a big possibility that a second and a third attack will follow. While it is a morbid comparison, it is very important to emphasize the significance of data breaches and the cost that an organization carries on its back for years. According to the above-mentioned report by Ponemon Institute and IBM Security, “an average of 67 percent of breach costs came in the first year, 22 percent accrued in the second year after a breach, and 11 percent of costs occurred more than two years after a breach.”
The long-tail costs of a breach point us in a direction where prevention paired with a rapid and efficient incident response plan and platform is the best way to stop breaches from recurring over the years and to help organizations recover from any damage caused by a breach as quickly as possible.
Automation and speed are essential
Rapid detection and incident response need to be based on automation and speed. In more than 13 years in the DFIR market, Binalyze has seen how crucial time is when a data breach occurs: the faster you are, the less time you give cyber attackers to finalize their malicious activities. The intelligent data we collect from various digital forensic reports shows us that no matter how effective the solutions you have deployed within your organization, time remains the number one asset in fighting cyberattacks. Therefore we need to listen more closely to the market's needs and challenges and start running towards them. Our product roadmap is closely connected to this: enhancing incident response reports with compromise assessment solutions that include lightning-fast anomaly scans in seconds rather than weeks and a chronological display of events that will save you a ton of time and, in the end, a ton of money.
The end goal is to help reduce the complexity and cost of fighting cybercrime, and in this battle we are all in it together. Let’s innovate digital forensics.