A recent finding by Gartner titled “Using SIEM for Targeted Attack Detection” is that 85% of breaches go undetected.  Those that are detected often occur far after the attack has taken place.  Some are on the extreme such as Nortel’s network that attackers accessed for 10 years before it was discovered while others are detected days or weeks later.  The failure to detect breaches quickly is not limited to external breaches such as those from hackers.  Carnegie Mellon found that theft of data by insiders, when discovered, is revealed on average 31 days later.

As you would assume, the longer a breach is left undetected, the more data is stolen.  Undetected breaches also increase the damage done to consumers because attackers have increased opportunity to use the data they steal by creating fake identities, ordering goods with stolen credit cards, committing fraud with stolen credentials among a host of other activities.  This is yet another reason why customers and clients are unhappy with organization’s responses to data breaches.

Early detection of breaches can reduce the impact of the breach by preventing additional data from being stolen and depriving attackers from the time they need to monetize their stolen data.  It also makes it easier to identify attackers who have less time to cover their tracks.  Valuable data such as server logs are often overwritten over the course of time and it becomes harder for employees to remember details of the date and time in question.

Companies can improve response time by implementing real time monitoring solutions with alerting functions.  In order for real- time monitoring to be effective, the organization will need to have trained employees who will receive the alerts.  This may involve several shifts to cover the entire day or persons who are on call.  Of course, real-time monitoring can also be outsourced.

A well-defined incident response plan will also aid in quickly and effectively addressing a data breach when it does occur.  Identify persons inside the organization and consultants or outside experts who can help when the breach occurs.