Businesses under a cyberattack have a one-hour window to detect the breach and contain it before they risk losing control, according to a new report.
This all-important “golden hour” is the most critical period for companies to defend themselves without suffering huge losses, microchip giant Intel said in a study released early Monday morning. But all too often, victims fail to realize they are in danger or quick enough to stop the hackers.
The term “golden hour” comes from medical jargon used by doctors to refer to the window in which trauma patient have the highest likelihood of survival.
“Speed counts,” said Chris Young, a general manager for security with Intel (INTC). “There is a ‘golden hour’ for corrective action, and the clock starts the second an attack indicator is detected. Manually analyzing comprise data slows our response in those first critical minutes.”
The findings come amid a proliferation of high-profile cyber attacks in the past year. Sony, Anthem and Kmart have all had their computer systems pilfered of internal documents or sensitive customer information.
Intel’s report, based on a survey of 700 IT and security professionals at mid and large-sized organizations across the globe, is intended to shed light on why companies are seeing so many serious data breaches and the roadblocks keeping them from detecting and responding.
Last year, the respondents said their organizations conducted an average of 78 security investigations, highlighting the huge scope of the hacking problem. Of those, 28% involved targeted attacks, which are more sophisticated because they are tailored to a specific victim or go after specific kinds of information like confidential employee or customer data. Generally, most of these targeted attacks are malware-related, meaning a user’s PC can be infected with virus or spyware.
Last year, organizations with more than 5,000 employees experienced an average of 150 incidents while those with 1,000 to 4,999 employees had 41. Small organizations with 500 to 999 employees had an average of just 31 incidents during that period.
One of the potential roadblocks to recognizing that an attack is taking place are bottlenecks between security tools used to detect intrusions. Because specific security covers different parts of a company, it’s hard to get a real-time picture of what’s happening during an attack because the collected data isn’t shared.
Young says one of the biggest trends he’s seen is a recognition of the importance of cyber defenses at the board level. Top executives, well aware of hackings at other companies from news reports, are paying far more attention.
“Security has gone from back room to the board room, and this is a very good thing for the industry,” Young said. “More companies are putting more focus and budget towards security and protection.”