In today’s cyber-centric world, it is often a case of when, not if, your organisation is targeted by cyber criminals.
It is the thought of many businesses that external cyber security threats are the biggest cause of concern. Whilst external threats such as ransomware and malware attacks pose significant dangers to companies, the assertion that the majority of cyber security breaches are external is wrong.
In previous blogs, we have discussed how companies need to mitigate the risks posed by internal threats. From disgruntled employees deleting data to uneducated stakeholders engaging with phishing emails, 40% of breaches are caused by insider threats. By doing so, internal cyber attackers proactively cover their tracks by deleting log histories, hiding within volumes of normal traffic, stealing legitimate user credentials and exfiltrating data in small, infrequent batches.
With this in mind it is becoming more and more apparent that companies need clear insight and visibility into the threats that are posed by cyber criminals. Findings identified by the Ponemon study of 2018 indicate that the average cyber-criminal spends 197 days inside a network before being discovered, whilst it takes an average of 266 days to detect and respond to a cyber-attack.
The impact of a cyber-attack on any business can cause huge damage to a business – whether it be reputational or financial. A study released by the Department for Digital, Culture, Media and Sport 2018, found that 43% of businesses surveyed experienced a cyber security breach or attack in the last 12 months, whilst business insurers Hiscox state that the cost of a cyber-attack was $243,000.
Given the severity of a cyber-attack, it is no longer considered just an IT problem, it’s an entire business problem. Average losses resulting from a cyber-attack soared from $229,000 to $369,000 – an increase of 61%.
Company directors, CISOs and IT managers need to be of the mindset, what could be the worst possible outcome and how are we geared to respond?
Time is money…responding to an attack
When it comes to detecting and mitigating threats, speed is crucial. Companies need to ensure that they have the right resources – ranging from staff to systems – to ensure they can identify what is happening to their infrastructure and deal with threats quickly and efficiently. Too often companies get overwhelmed with the speed of technological change, they often lose sight of the bigger picture.
With the evolving nature of the digital threat landscape, it can be difficult—especially with limited resources—to address every incident and alert that occurs in and across your on-premises and cloud environments. Instead, you must be able to cut through the clutter of alerts and false positives to effectively highlight your threat detection and response activities.
Through Citadel Threat Detect (SIEM), powered by IBM QRadar, companies can achieve a real-time view of internal and external threats to your network through consolidated threat information and intelligence enabling identification. Not only will Citadel Detect help thwart an external attack on your organisation, but it will identify internal threats to your business by addressing unauthorised or unsanctioned user behaviour.
Taking control of your cyber security
Whether it be financial or reputational, the consequences of a cyber breach can be catastrophic and, in some cases, fatal to an organisation. Early threat detection of these cyber threats is key to help minimising harm to your business.
Discover how Citadel Threat Detect allows businesses to confidently defend against cyber-attacks and provide visibility and insight to events and activity which could pose a risk to your IT infrastructure in our latest infographic.