UK businesses report 88 percent more breaches
It's not that there are less data breaches lately -- it's that they're not being disclosed. That's basically what Huntsman Security is saying, after it requested data about error and breaches in security through the Freedom of Information Act. Between April 2015, and March 2016, a total of 2,048 incidents were reported to the Information Commissioner’s Office (ICO).
This represents a jump of 88 percent, as the year before, there were a total of 1,089 reported incidents.
"Unfortunately, this is not the full story. The average organization is subject to multiple breaches, of which only some will be detected, so the figures reported to the IOC are likely to be understated", says Peter Woollacott, CEO, Huntsman Security.
"The root of the problem is that organizations are under such an intense barrage of cyber activity that threat alerts; many of which turn out to be benign are overwhelming cyber security teams. There is simply too much data to analyze and verify manually. Genuine threats require immediate attention but frequently the investigation of benign and even false alarms can waste a great deal of valuable time and resources. Verizon’s DBIR 2016 gave a clear illustration of this problem, revealing that whilst 84 percent of attacks compromise their targets within days or less, under a quarter are detected within that timeframe".
Financial sector was particularly "concerning", the report suggests. In that sector, organizations reported less than six percent of all incidents, but drew in 33 percent of all ICO penalties.
"Quite simply, no news is bad news: if breaches aren’t being detected, it most likely just means that security analysts are having difficulty finding the needles in the haystack. To help them see through the noise generated by security alerts, organizations must find a way to automate threat verification and eliminate the wasted effort that result from false alarms", Woollacott adds. "By using machine learning to identify otherwise 'invisible' threats, security analysts can easily identify those that really matter, and as a result, significantly reduce their time at risk from cyber threats. This in conjunction with automation and streamlining the incident management process means that organizations can put themselves, the ICO and the wider public at greater ease that our data is safe in their hands".
Published under license from ITProPortal.com, a Future plc Publication. All rights reserved.
Photo Credit: chrisdorney/Shutterstock