A month ago I wasn’t sure if I was a victim of the Dixons Carphone data breach; the news that 10 million, not 1.2 million, customer records are affected has convinced me. Neither I nor Dixons Carphone should feel alone: Equifax’s estimates also went northwards by millions in the months after its data breach. A picture is forming.
So why does it take so long to uncover the extent of a security failure?
Surely the question is: why does it take so long to recognize a security breach in the first place?
For those who don’t know, Dixons Carphone was breached a year before they realized it. That’s not unique: Ticketmaster first heard of a potential breach from a business partner two months before it was confirmed.
Here’s another trend: detecting a breach is taking longer. Estimates vary, but commonly it’s around 140 days. And that’s just detection; remediation is another 60 days.
As a customer I am outraged; as a CMO I feel Dixons’ corporate pain. On average last year an organization was breached 130 times, had to search between 6 and 8 PB of data, and lost $12m as a result.
Factor in smarter cybercriminals armed with AI and more malicious insiders harnessing transformative technologies, and things will only get harder.
Which is why I’m so conflicted: privately I know it will happen again; professionally I know it doesn’t have to.
There’s a simple, non-disruptive and inexpensive solution: full network packet capture. How is it the answer?
Total network history
When organizations have 100% network history, rapid and accurate detection of breaches can happen. Network sniffing and metadata give a partial picture, but capturing and storing all network IP packets, even from the busiest network traffic, at the best lossless capture rates gives the full one.
These high-fidelity traffic records are logged and stored, making detection easier and faster.
Extended packet capture timeline
To make detection realistic, the network history must go back 140 days or more from the discovery of a breach. Most organizations store 4 days, which means no visibility of when the breach occurred.
New full network packet capture tools can now store petabytes of data on premises, making hundreds of days of data constantly available for search.
Powerful and fast search
Detection and remediation across these massive data stores are fast. Petabytes of network traffic can now be searched in minutes; smarter logging further accelerates discovery, as does on-premises storage.
Lower cost data storage
100% network history, extended over months or even years and searchable in minutes, sounds costly. It isn’t. Full network packet capture tools can now store petabytes of data for up to 80% less than other solutions.
Back to Dixons Carphone. They appear to be making history because of their lack of network history.
Could the same happen to you? What are you doing to prevent this?