
Half of Security Specialists Need More Than Two Days to Detect and Repair Breaches

Some 50% of security specialists took two days or longer to detect and remediate breaches, while another 7% knew neither the dwell time nor how to solve the issues, according to a survey by SANS Institute.

The length of time between an attacker’s initial entry into a network and detection correlates most closely with the total cost of a breach. The longer an attacker has free access to a network, the more substantial the data loss, the severity of customer data theft and the subsequent regulatory penalties. In 2014, the average consolidated total cost of a data breach rose 23% from 2013 to $3.8 million, according to HOTforSecurity.

Some 37% of the respondents cited an average dwell time of less than 24 hours, while 36% of organizations took 24 hours or less to remediate real breaches. The figures show a modest improvement over the previous survey, in which 30% remediated breaches in 24 hours or less, while 17% took one to two days to remediate, 51% took more than two days to remediate and 6% took three months or longer.

Nearly four in 10 respondents say their teams can’t distinguish malicious events from non-events, and 45% cited lack of visibility into events across a variety of systems and domains as key impediments to effective incident response (IR).

“These answers suggest the need for more precise conditions for security information and event management (SIEM) alerts, as well as the need for more specialized IR skills,” authors of the study found. “Skills, while in demand, are also hard to come by, with 66% of survey takers citing a skills shortage as being an impediment to effective IR.”

More than half of the security specialists surveyed (54%) cited budgetary shortages for tools and technology, 45% lack visibility into system or domain events, 41% lack procedural reviews and practice, and 37% have trouble distinguishing malicious events from non-events.

The study surveyed 507 respondents, more than half of them security analysts, CSOs and CIOs, from 14 regions and countries, with many from global organizations.

About the author


A former business journalist, Razvan is passionate about supporting SMEs in building communities and exchanging knowledge on entrepreneurship. He enjoys taking innovative approaches to hot topics and thinks that the massive amount of information that attacks us on a daily basis via TV and internet makes us less informed than we even think. The lack of relevance is the main issue in today's environment, so he plans to emphasize real news on