A recent survey shows that many businesses are confident in their ability to detect a data breach, though some experts question whether that confidence is justified.
Successful attacks on organizations including Target, eBay and Evernote have demonstrated that even large businesses are not immune to cyber threats. However, the survey, conducted by Atomic Research and sponsored by security solutions provider Tripwire, Inc., showed that many companies have not increased the level of attention given to their security.
The survey included 253 organizations in the U.K., all of which process card payments. Of the 253 organizations, 102 were financial and 151 were retail.
Overall, 56 percent of respondents felt their customer data is very well protected. The survey also found 61 percent of retail and 65 percent of financial organizations believed they could detect a breach within 48 hours, which runs contrary to many recent breaches.
“In reality, nearly all of the recent publicly disclosed breaches have gone on for months without detection,” Dwayne Melancon, chief technology officer at Tripwire, said in a statement.
Verizon’s 2014 Data Breach Investigations Report showed 22 percent of Crimeware incidents took days to discover, 85 percent of POS intrusions took weeks to discover and 62 percent of cyber-espionage attacks took months to discover.
Melancon concluded by saying, “These attitudes seem to indicate a high degree of overconfidence or naiveté among information security practitioners. I believe a number of these organizations may be in for a rude awakening if their systems are targeted by criminals.”
[ image courtesy of Tripwire ]