Organizations are falling asleep at the wheel, failing to proactively monitor or properly configure existing security systems and address common weaknesses being targeted by cybercriminals, say incident responders, investigators and other experts at RSA Conference 2014.
Over the past 10 years attackers have cut the time it takes to compromise a system, according to a preview of the Verizon 2014 Data Breach Investigations Report, which highlights hundreds of breaches throughout the year and about a decade worth of security incidents to spot significant trends.
The time it takes for an attacker to compromise a system in three-quarters of breaches is days or less, according to the analysis. But less than 25 percent of breaches are discovered in days or less, said Wade Baker, creator and principal analyst of the Verizon 2014 Data Breach Investigations Report.
“This is not a good situation,” Baker said. “If this is the 10-year study of where we’ve come, the bad guys are winning at a faster rate than the good guys are winning and we’ve got to solve that; we’ve got to do something different.”
At an event held for press and analysts Tuesday at the RSA Conference, a panel of experts discussed the trends uncovered in the Verizon report. The report combines Verizon’s case load with data from public and private organizations, including the U.S. Secret Service, the United States Computer Emergency Readiness Team (US-CERT) as well as international law enforcement agencies and incident response teams. Verizon said it added 50 new contributors of breach information, including forensics providers, global services firms and other security vendors.
The recent massive Target data breach has placed a spotlight on a wave of retail data breaches, believed to be connected to the same cybercriminal organization, experts said. The Target breach was carried out by attackers in the U.S. and abroad, said Ed Lowrey, deputy special agent in charge at the U.S. Secret Service. Lowrey said attackers are well organized, use sophisticated tools and plan their attacks carefully.
“These are professional criminals that study their future victims; they are looking for the vulnerabilities they can exploit,” said Lowrey. “The actual intrusion happens very, very quickly, but the work they do ahead of time does not necessarily happen that quickly.”
NEXT: Security Models Are Broken, Experts Say