Hackers Still Outpace Breach Detection, Containment Efforts

Two different reports this spring showed that organizations are shortening the time to discovery of data breaches. That study showed that the median time between intrusion and detection fell from 26 days in 2017 to 14 days in 2018. Mandiant found that the time between intrusion and detection went down from 101 days in 2017 to 78 days in 2018. One of many industry contributors to the 2019 Verizon Data Breach Investigations Report (DBIR) released yesterday, Rudis pointed out that this year's report shows that this detection deficit is often not even accurately measured at many organizations, which means they're "already ceding the game's outcome" to adversaries. That study showed that many gains that are being made in shortening the window between intrusion and detection are due to automation: automation improved detection and containment times by 25%. A report released this week by Risk Based Security showed that while the time window between discovery and reporting has fallen quite a bit since 2014, that number may be on the uptick.