Compromise Lasted Four Months
Attackers had nearly four months to watch their targets at the Times. The Data Breach Investigations Report, which analyzed more than 800 data breaches, found that most companies were made aware of the breach by a third-party, such as a law enforcement fraud investigation or service provider. Antivirus has been found to be inadequate against most attacks. The Times, which was using antivirus from Symantec, said it was woefully inadequate; however, Symantec responded saying that antivirus alone is not enough. Security experts point out that while some firms have deployed security information and event management (SIEM) systems to collect log data, few are actively monitoring the appliance to detect anomalous behavior and investigate a problem before it becomes a serious breach.