There is no shortage of noise about the latest breach or the latest massive nation state-sponsored attack. But isn't there a bigger problem we're ignoring: what isn't being detected or reported?
The World Economic Forum (WEF) has highlighted that a significant proportion of cybercrime goes undetected. The Department of Justice (DOJ) has recently been more specific: only one in seven cybercrimes is reported, which means over 85% of cybercrime stays hidden inside organizations.
What underlies these stats is a simple truth: most organizations cannot (or perhaps don't want to) quantify the true size of their cybersecurity problem. Conservatively combining the WEF and DOJ estimates, they could easily be under-calling the problem by half.
Continuing the averaging theme, that would mean organizations dealing with an extra 60 breaches and writing off another $5m to the impact of cybercrime this year.
The obvious question is: why is so much hidden?
Very often the attack was triggered by employee negligence or ignorance, and unless they work in the most forgiving corporate culture, the people involved won't be in a hurry to own up. Over half of IT decision-makers are kept awake at night by insider threats. Cloud and other new technologies will only make this worse: PwC reports that 40% of business leaders worry about the vulnerability of emerging technologies.
The other big reason cybercrime goes unreported is that many attacks are so well hidden. Cybercrime is a trillion-dollar business, and cybercriminals are spending more on innovation than organizations are spending on protection.
The bottom line seems to be this: cybercriminals and negligent employees are better at hiding breaches than organizations are at detecting them. All of this makes the case for full network packet capture.
How will it help?
Total network history
When an organization has 100% of its network history, breaches can be detected rapidly and accurately. Network sniffing and metadata give a partial picture; capturing and storing every IP packet, even on the busiest links, at lossless capture rates gives the full one. "Lossless" has to mean no packets dropped at peak load, because the packet a sensor drops under pressure may be exactly the one an investigation later needs. These high-fidelity traffic records are stored and indexed, making detection easier and faster.
Extended packet capture timeline
To make detection realistic, the network history must go back 140+ days from the discovery of a breach. Most organizations store 4 days, which leaves no visibility of when the breach actually occurred. New full network packet capture tools can now store petabytes of data on-premises, keeping hundreds of days of traffic constantly available for search.
Powerful and fast search
Searching these massive data stores is fast, which is what makes detection and remediation fast. Petabytes of network traffic can now be searched in minutes; smarter logging of the capture further accelerates discovery, as does keeping the store on-premises rather than shipping it elsewhere to be queried.
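As an added worked example (not code from this page or from Magnet Forensics) tying the extended-timeline and fast-search points together: a toy packet store in Python that parses a libpcap file, rolls the packets into a flow index with first/last-seen times, simulates a rolling retention buffer, and asks when a workstation first contacted a suspicious external host. The hosts, ports, timestamps and the beaconing scenario are all constructed, and T0, DISCOVERED_AT and the function names are my own. With 4 days of history the earliest visible contact is day 57; with 140 days it is day 0, the real start of the intrusion.

```python
"""Toy full-packet-capture store: parse a libpcap file, index every flow by
first/last-seen time and ask when one host first talked to another under a given
retention window.  Constructed example, not Magnet Forensics code; every host,
port and timestamp is made up."""
import struct

DAY = 86_400
T0 = 1_700_000_000  # constructed start of the capture history (epoch seconds)

def _ip(s):
    return bytes(int(o) for o in s.split("."))

def build_frame(src, dst, sport, dport, payload=b""):
    """Ethernet/IPv4/TCP frame for one 4-tuple (checksums zero; not a packet crafter)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     _ip(src), _ip(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x18, 0xFFFF, 0, 0)
    return bytes(12) + b"\x08\x00" + ip + tcp + payload

def build_pcap(records, snaplen=65_535):
    """(timestamp, frame) pairs -> little-endian libpcap bytes; frames longer than
    snaplen are cut short on disk, as a real sensor would cut them."""
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)]
    for ts, frame in records:
        sec, stored = int(ts), frame[:snaplen]
        out.append(struct.pack("<IIII", sec, int((ts - sec) * 1e6), len(stored), len(frame)) + stored)
    return b"".join(out)

def parse_pcap(data):
    """Return (packets, truncated): one dict per IPv4 TCP/UDP packet, plus a count of
    records stored shorter than their wire length, which a 'lossless' capture must
    never produce.  Non-IP and non-TCP/UDP frames are skipped."""
    magic, = struct.unpack_from("<I", data, 0)
    e = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(magic)
    if e is None:
        raise ValueError("not a libpcap file")
    if struct.unpack_from(e + "I", data, 20)[0] != 1:
        raise ValueError("only LINKTYPE_ETHERNET is handled")
    off, packets, truncated = 24, [], 0
    while off + 16 <= len(data):
        sec, usec, incl, orig = struct.unpack_from(e + "IIII", data, off)
        frame = data[off + 16:off + 16 + incl]
        off += 16 + incl
        truncated += incl < orig
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue
        l4, proto = 14 + (frame[14] & 0x0F) * 4, frame[23]   # IHL -> L4 offset, protocol
        if proto not in (6, 17) or len(frame) < l4 + 4:
            continue
        sport, dport = struct.unpack_from("!HH", frame, l4)
        packets.append({"ts": sec + usec / 1e6, "proto": proto, "sport": sport,
                        "dport": dport, "length": orig,
                        "src": ".".join(map(str, frame[26:30])),
                        "dst": ".".join(map(str, frame[30:34]))})
    return packets, truncated

def build_flow_index(packets):
    """Collapse packets into flows keyed by (src, dst, proto, dport) with first and
    last-seen times: the 'smarter logging' that answers questions without rescanning
    every stored packet."""
    idx = {}
    for p in packets:
        f = idx.setdefault((p["src"], p["dst"], p["proto"], p["dport"]),
                           {"first": p["ts"], "last": p["ts"], "packets": 0, "bytes": 0})
        f["first"], f["last"] = min(f["first"], p["ts"]), max(f["last"], p["ts"])
        f["packets"] += 1
        f["bytes"] += p["length"]
    return idx

def first_contact(index, src, dst):
    """Earliest time src talked to dst that is still on disk, or None if aged out."""
    hits = [f["first"] for (s, d, _, _), f in index.items() if s == src and d == dst]
    return min(hits) if hits else None

# Constructed history: a workstation beacons to an outside host every two weeks from
# day 0, buried in routine traffic; the breach is only discovered on day 60.
SAMPLE_PCAP = build_pcap(
    [(T0 + d * DAY, build_frame("10.0.0.5", "203.0.113.7", 49200 + d, 443, b"\x16\x03\x01"))
     for d in (0, 14, 28, 42, 57)]
    + [(T0 + d * DAY + 3600, build_frame("10.0.0.5", "10.0.0.20", 50000 + d, 443, b"GET"))
       for d in range(0, 60, 5)])
DISCOVERED_AT = T0 + 60 * DAY

def investigate(retention_days, pcap=SAMPLE_PCAP):
    """Day (after T0) of the earliest beacon still visible with this much retention."""
    packets, _ = parse_pcap(pcap)
    cutoff = DISCOVERED_AT - retention_days * DAY   # rolling buffer: older packets are gone
    index = build_flow_index([p for p in packets if p["ts"] >= cutoff])
    first = first_contact(index, "10.0.0.5", "203.0.113.7")
    return None if first is None else (first - T0) / DAY

if __name__ == "__main__":
    for days in (4, 140):
        print(f"{days:>3} days of history: first contact seen at day {investigate(days)}")
```

The flow index is what makes the query cheap: once each packet has been folded into a per-flow record as it is written, "when did 10.0.0.5 first talk to 203.0.113.7?" is a dictionary lookup rather than a rescan of every stored byte. The truncation counter in parse_pcap is the check to keep an eye on in a real deployment: any record whose stored length is below its wire length means the sensor was not lossless at that moment.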
Lower cost data storage
100% network history, extended over months or even years and searchable in minutes, sounds costly. It isn't: full network packet capture tools can now store petabytes of data at up to 80% less than other solutions.
A last thought: we can gloat and be privately relieved when a competitor suffers an attack, or we can acknowledge that we too have ticking time bombs and be better prepared. Ignorance or naivety won't be a defense once the impact on business downtime, regulatory fines, customer loyalty and corporate reputation kicks in. How can you better prepare your organization? Navid Asgharzadeh, Solutions Consultant at Magnet Forensics, explains how in this webinar.