Companies Doing Poor Job of Detecting Data Breaches
A report released Tuesday shows companies may not have the security systems in place to detect data breaches when they occur. As a result, over two-thirds of data breaches last year were detected by outside sources, not the company itself.
FireEye’s annual M-Trends report showed 69% of breached organizations which it worked with in 2014 were alerted to these breaches by an “outside entity.” That figure has increased from the 63% in 2012.
The report, entitled “M-Trends 2015: A View from the Front Lines,” showed fewer companies are detecting their security breaches. In 2014, only 31% of the companies discovered they were breached using their own resources compared to 33% in 2013 and 37% in 2012.
On a positive note, the time it takes to discover a breach is on the decline. The average time decreased from 243 days in 2012 to 205 days in 2014.
78% of observed phishing emails were IT or security related, usually attempting to impersonate the targeted company’s IT department or an anti-virus vendor. This was up significantly from 44% in 2013.
According to the report, an absence of basic security protocols, such as two-factor authentication, are prevalent in many of these breaches.