IT pros in financial services assert ability to detect breaches
Data breaches in the worlds of banking, credit and finance have nearly double between 2014 and 2015, according to the Identity Theft Resource Centre's 2015 Breach List report. Despite being unsure of how long it would take, IT pros in financial services have confidence in their ability to detect a breach.
Tripwire conducted a study of 763 IT pros from a variety of industries, including 134 respondents from finance alone, to examine the efficacy of key security controls that must be in place to quickly detect a cyber-attack in progress.
The seven key security controls required by a wide variety of compliance regulations to mitigate targeted cyber intrusions include the following: Accurate hardware inventory, accurate software inventory, continuous configuration management and hardening, comprehensive vulnerability management, patch management, log management and identity and access management.
A majority (82 percent) feel they could detect configuration changes to a network device on their organisations' networks within minutes or hours, yet 59 percent are not sure exactly how long it would take to do this. Close to all (92 percent) feel vulnerability scanning systems would generate an alert within minutes or hours if an unauthorised device were on their network. Meanwhile, 77 percent say they automatically discover 80 percent or less of the devices on their networks.
Only 37 percent said their automated tools were able to identify locations, department and other important details of network devices with unauthorised configuration changes. Almost a third (29 percent) do not detect all attempts to access files or network-accessible file shares without the appropriate privileges. Forty percent said less than 80 percent of patches are successfully fixed in a typical patch cycle.
“The path to a mature security deployment is through visibility because you cannot protect what you cannot see. Understanding what you have and how you can potentially be compromised allows security teams to focus on where attackers are likely to strike. The cost of being proactive is always less than the cost of being reactive,” said Travis Smith, senior security research engineer at Tripwire.