Larry Ponemon just released a study that shows that the dwell time – the time between the attacker getting in and the business detecting it is 100-200 days depending on the industry. Many of the respondents said that they are not optimistic about improving this in the next year. Given that, incident response is important, but only a third to a half of the businesses have implemented an incident response plan (see press release).
Using the data for the retail industry in that report, here are a few highlights:
- Around 40% of the respondents think they are effective at detecting and containing threats. That means more than half DO NOT think they are good at it.
- Around a third have implemented incident response procedures. That means that two-thirds will be trying to figure out what to do when they do eventually find they have been breached.
- The mean time to identify advanced threats is 197 days with another 39 days to contain it. That means, on average, the attacker is roaming free inside the system for more than 6 months before it is detected.
This means that most (more than half) don’t think they are good at detecting and containing threats and most will not be able to effectively respond when they are breached.
Other surveys say that the vast majority of the respondents think they will be attacked in the next year.
Given these two pieces of data, it looks like a lot of businesses have some work to do.