When your company is attacked by cyber-criminals and cyber-terrorists, time is critical. There are three stages of an attack:
- Point of entry to compromise: how much time you have until you start to lose data. For about 70% of attacks, this stage is measured in hours or less.
- Compromise to discovery: how much time passes before you notice. In two-thirds of the events this stage is measured in months.
- Discovery to containment: how much time it takes you to stop the loss after you discover it. For 63% of the events this stage is measured in days or less.
Like a kidnapping, the first hours are critical. In February 2014, the Ponemon Institute published a study sponsored by AccessData: “Threat Intelligence & Incident Response: A Study of U.S. & EMEA Organizations.” This was a study of over 1,000 information security professionals from the US, Europe, Middle East and Africa. One key takeaway from this report: things are not going well.
Two examples from this report:
On average, 35% of cyber-attacks go undetected. For about a third of the respondents, over half of the attacks are never detected by the attacked company. If they ever find out, it is because some third party told them.
Before you can really fix a problem and prevent its reoccurrence, you have to understand what happened. Of the respondents, 38% said it could take a year to determine the root cause of an incident, and 41% may never know the root cause with any certainty. Even after dealing with the specific event, almost 80% are still vulnerable to the same attack for a year or more.
I suggest you take the time to read the full report and think about how well your company would measure up.
Don’t expect the government to help. Many of the attacks are by governments – your own and others. At best the government can build awareness and define actions that you must take when you are successfully attacked, like notifying all of your customers who may have been impacted. With issues of security and safety, the government is best at reacting very slowly. As an example, aircraft flight recorders (the “black boxes,” which are actually orange) are based on technology from 1967. For at least nine years, the US Congress has been trying unsuccessfully to pass a bill that would update that technology. In the area of computer data security, the attackers are evolving quickly with new attacks created at least weekly.
Work with others in your industry, your software suppliers, and your partners including your Cloud Service Provider.
The last word:
Periodically I run across computer-related haiku. The haiku was originally a Japanese poetic form, usually composed of three lines of 5, 7 and 5 sound units known as on or morae; in English, we count syllables in place of sound units.
Some typical examples:
Your file was so big.
It might be very useful.
But now it is gone. (David J. Liszewski)
Some are related to the Internet:
The website you seek
Cannot be located, but
Countless more exist. (Joy Rothke)
As these illustrate, many computer haiku are very dark. One of my favorites:
Three things are certain:
Death, taxes and lost data.
Guess which has occurred. (David Dixon)
I have found none related to Cloud Computing. To prove I am not a poet, I attempted to create one:
My stuff in the Cloud.
Wherever I do wander,
My data is there.
Which of course should be followed by:
Stay the patient course
Of little worth is your ire
The network is done. (David Ansel)
Keep your sense of humor.