In Brief
So Many Breaches, So Few Insights
When it comes to malicious activity on their network, information security executives have more information than ever, but that doesn't mean they know what to do with it.
By Scott Berinato
October 01, 2005 — CSO — The numbers on incidents, downtime and damages have remained steady, but some other numbers in this year's breach data are unsettling. First, the sharply rising number of respondents who report damages as "unknown" (up to 47 percent this year from 40 percent two years ago) suggests that respondents have neither the time nor the means to truly calculate losses from a breach, or if they considered the attacks minor, they didn't bother. The increased sophistication of attacks during the past year could also contribute to the rising "unknown" group.
The more complex attacks hit more complex targets. Take the hypothetical identity theft of 1,000 customer records. Many experts are concerned about "deferred loss identity theft," wherein thieves sit on stolen identities for months or years until victims believe the danger has passed. It's hard to put figures on potential outcomes like that.
Other "unknown" responses got our attention too: "Unknown" showed up in survey responses as the second most prevalent attack type, the fourth most common attack method and the third highest attack source. Plus, data or material damages trail only firewall and IDS logs as the means of discovering attacks. In other words, information security professionals most often react. They learn of attacks after the damage is done. And often, once the events happened, they couldn't figure out what they were, where they came from or who did it.
CIOs, CISOs and CSOs have gotten quite good at collecting and logging events on their networks (organizing their haystacks) but haven't been able to reliably turn all that data into intelligence: efficiently finding the needles before they get pricked by them. A long-term strategic goal of all information security departments should be to reorganize so that they work as an intelligence unit rather than just a data collection unit.



