Companies need to monitor their systems more intensively if they want to avoid security breaches, according to IT security firm Logicalis.
The warning comes after it was revealed that hackers had been in the systems of credit monitoring company Equifax for over two-and-a-half months before the breach was detected.
Hackers had access to the credit details of up to 143 million Equifax customers across the USA, Canada, and the UK, including names, social security numbers, birthdates, addresses, and in some cases driver’s license numbers.
Ricky Magalhaes, Managed Security Services Director at Logicalis, said: “Proper security monitoring is one of the easiest ways for an organisation to prevent data leaks on this scale from their network. 24-hour monitoring means you can see data exfiltration happening as it occurs and identify the problem before it ends up anywhere like this magnitude. When we are monitoring systems we would expect to discover a breach like this, alert the client, and get it patched all within less than 48 hours. Data leakages are a bit like water leakages; if you’re monitoring them properly you can see the water seepage, investigate it, identify the cause, and fix the pipe before it bursts.”
The estimated Breach Detection Gap – the time it takes for an organisation to realise its security has been breached – is an average of 146 days globally, while in EMEA (Europe, Middle East and Africa) the average time to detect an intrusion is 469 days. Companies affected are usually last to discover a breach, with up to 80% of reported intrusions detected by external fraud and law enforcement monitoring, or news reports.
Mr Magalhaes added: “There are usually three ways data leaks happen: a hacker accessing the environment over time; someone finding a vulnerability in the network and exploiting it; or an employee removing it. Millions of people around the world who have Visa or Mastercards will have had them checked by Equifax so the scale of people who could have been affected by this is huge. We don’t know the full ramifications yet but people will have had their personal data compromised and the company is likely to face a huge fine.”