Reflections on the Excellus Breach

Today’s hackers harness numerous advanced attack strategies to get past traditional security solutions, including multi-vector attacks that exploit multiple security vulnerabilities, metamorphic and polymorphic malware that continually changes itself, and zero-day attacks that target newly discovered security flaws. Traditional firewall solutions fail to capture and stop today’s sophisticated attacks. Today’s IT security focuses on the perimeter; once hackers get in, there is little security inside, and they can move laterally through the network undetected. The average time from attack initiation to detection is 10 months, and in many cases the breach is discovered not by the victim but because leaked data becomes public, as with Ashley Madison.

This is very common: according to the 2014 Verizon Data Breach Investigations Report, 66 percent of security breaches take organizations months or longer to discover.

A year-long breach indicates weakness in the victim company’s IT infrastructure; a lack of post-breach detection, regular security auditing and inspection may be the reasons. The longer the breach, the more damage it entails to both customers and the business, from a financial as well as a reputational perspective. The responsibility lies with the business to continuously optimize its security landscape. Especially in the face of today’s recurring public breaches, businesses should be aware of potential and lurking threats and take proactive action. Moreover, there is a lifecycle associated with breaches, and businesses should engage not only in pre-breach, proactive security actions but also in post-breach mitigation and security enforcement.

Large companies such as Target and Home Depot were hacked in 2014, and we will continue to see breaches surfacing and happening globally in the coming year. On average, a network is breached in hours, but the average time for breach detection is roughly 200 days. Companies are realizing that it is very hard to guarantee that their networks are never breached, but if they can cut breach detection time down to hours or even a day, they can greatly reduce the damage that intruders can cause. Adoption of post-breach detection coincides with the risk-based security methodology that is gaining acceptance, in which risky issues are identified and control and mitigation are performed in real time. This will become particularly important as companies grow bigger cloud infrastructures and face new vulnerabilities that will require risk-based security and self-protection. This year, Kaspersky revealed that it had been the victim of a targeted hack for years. If a breach can evade a leading security vendor such as Kaspersky, it does not bode well for other organizations. In the end, organizations that dig deeper will find they are already victims of hacks.
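The post-breach detection the piece argues for has to be built from the signals an intruder leaves behind once inside, such as one account fanning out to many internal hosts. The following is an added example, not code from the original post or from any vendor mentioned in it: it runs a simple lateral-movement detector over a few constructed logon records and measures the delay from the first event of the burst to the alert, which is the "time to detection" the text wants driven down to hours. The log format, host and user names, and the thresholds are assumptions made for the illustration.

```python
"""Fan-out lateral-movement detection over constructed logon records.

Added example; the one-line log format, the hostnames, the account names
and the thresholds are all assumptions chosen for this illustration.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records: "<timestamp> <user> <source_host> -> <dest_host>"
# The svc-backup burst at 22:10 is the planted anomaly; everything else is
# ordinary daytime activity.
SAMPLE_LOG = """\
2015-09-10T08:01:12 alice ws-alice -> fileserver-01
2015-09-10T08:15:40 bob ws-bob -> mail-01
2015-09-10T09:02:05 alice ws-alice -> fileserver-01
2015-09-10T22:10:01 svc-backup ws-bob -> fileserver-01
2015-09-10T22:10:09 svc-backup ws-bob -> fileserver-02
2015-09-10T22:10:15 svc-backup ws-bob -> db-01
2015-09-10T22:10:22 svc-backup ws-bob -> db-02
2015-09-10T22:10:31 svc-backup ws-bob -> dc-01
2015-09-11T08:03:44 bob ws-bob -> mail-01
"""


def parse_events(text):
    """Parse the assumed log format into (timestamp, user, src, dst) tuples,
    sorted by time so the sliding window below can be applied in one pass."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, src, _arrow, dst = line.split()
        events.append((datetime.fromisoformat(ts), user, src, dst))
    events.sort(key=lambda e: e[0])
    return events


def detect_fan_out(events, max_hosts=4, window=timedelta(minutes=10)):
    """Raise one alert per account that reaches more than max_hosts distinct
    destination hosts inside a sliding time window.

    Each alert is a dict with the account, the timestamp of the first event
    still inside the window (first_seen), the timestamp at which the
    threshold was crossed (detected_at) and the sorted list of hosts."""
    recent = defaultdict(deque)   # user -> deque of (timestamp, dst_host)
    alerted = set()
    alerts = []
    for ts, user, _src, dst in events:
        q = recent[user]
        q.append((ts, dst))
        # Drop events that have aged out of the window.
        while q and ts - q[0][0] > window:
            q.popleft()
        hosts = {d for _, d in q}
        if len(hosts) > max_hosts and user not in alerted:
            alerted.add(user)
            alerts.append({
                "user": user,
                "first_seen": q[0][0],
                "detected_at": ts,
                "hosts": sorted(hosts),
            })
    return alerts


def detection_delay(alert):
    """Time between the start of the suspicious burst and the alert; the
    smaller this is, the less room the intruder has to keep moving."""
    return alert["detected_at"] - alert["first_seen"]


if __name__ == "__main__":
    for alert in detect_fan_out(parse_events(SAMPLE_LOG)):
        print(f"{alert['user']}: {len(alert['hosts'])} hosts in "
              f"{detection_delay(alert)} -> {alert['hosts']}")
```

The same detector can be fed a live logon stream instead of a fixed string; the window and host threshold are the tuning knobs, and a baseline of each account's normal host count is what keeps noisy service accounts from drowning the real bursts.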