How much do you actually know about what happens during a breach?

Published on 03 April 2018

Many businesses know that a cyberattack is very likely to happen to them, with more than two-thirds expecting to suffer breaches in 2018. But how much do they really know about what happens during a security breach? And how can businesses begin to understand them better to prevent similar attacks from happening again in the future?

Step one: knowing that a breach has happened

Balabit’s research shows that, in 2017, less than half (48%) of businesses were confident that they’d even know if a security breach had happened to them. It’s an alarming statistic, suggesting that businesses really don’t seem to know much about the ins-and-outs of their security. They know breaches are likely to happen, but their understanding of them stops there.

Improving knowledge around the security breaches that are happening is a crucial step towards preventing them in the future. It really should be a given that businesses are able to pinpoint the moment when a security breach took place. Ideally, if anything, they should be able to do that in real-time. Moreover, it’s not just about being able to say when – it’s also about being able to say how.

Step two: take the insider threat more seriously

Our research also uncovered that 58% of businesses admit they’re not taking security threats associated with ‘privileged’ accounts seriously enough. Again, this seems extraordinary, especially when so many breaches begin internally.

A privileged account is one with authorized access to the most critical systems in an organization’s network, voluntarily granted by the IT team. Obviously, every business needs and will have a number of these. But with 44% of breaches involving privileged accounts, they’re a clear weak-spot in terms of security. Businesses, by their own admission, need to get a stronger grip on how they manage privileged accounts – especially if they’re to prevent the breaches that they know are imminent.

Step three: let technology do the heavy-lifting

With 73% of businesses of the belief that IT technologies struggle to keep up with security threats, it’s clear that they aren’t always investing in the right kind of solutions. There’s definitely an element of indecisiveness when it comes to choosing which technologies will best be able to cope with the kind of threats they each face.

One thing that’s certain is that privileged access management tools wouldn’t be a bad place for most businesses to start. They’re a highly effective way of dealing with the insider threat, giving the IT team complete oversight of all the privileged account users in their IT environment, thereby making it difficult for accounts to slip the net and fall into the hands of hackers. They also build a picture of the behavior of all genuine privileged users, so that any behavior that sits outside of the norm can be traced immediately, with session shutdown or increased monitoring options for the IT team.

Essentially, they move protection a step from the password. Offering genuine understanding of networks and breaches, from which IT leaders can begin learning a process in the prevention of hacks.

With so many businesses having so little knowledge of security attacks and breaches, something has to change. Particularly if we’re to prevent today’s network unknowns from becoming tomorrow’s as well.

To learn more about what happens during a security breach, download The Known Unknowns of Cyber Security report.

by Balabit

Balabit, a One Identity business, is a leading provider of Privileged Access Management (PAM) and Log Management solutions. Founded in 2000, Balabit has a proven track record of helping businesses reduce the risk of data breaches associated with privileged accounts.

share this article
Mitigate against privileged account risks
Get in touch

Recent Resources

The top IT Security trends to watch out for in 2018

With 2017 now done and dusted, it’s time to think ...

The key takeaways from 2017’s biggest breaches

Like many years before it, 2017 has seen a large ...

Why is IT Security winning battles, but losing the war…?

This is a guest post by Adrian Asher, CISO at London ...

“The [Balabit] solution’s strongest points are the privileged session management, recording and search, and applying policy filters to apps and commands typed by administrators on monitored sessions.”

– The Forrester Wave, Privileged Identity Management, Q3 2016, by Andras Cser