Cybercriminals are using more sophisticated methods to infiltrate organisations. One of the consequences of this is that organisations are taking longer to detect and act on security breaches, increasing the risk to their operations as well as the cost of recovery.
Jaco Voigt, MD of PerfectWorx Consulting, said it takes nine months on average for South African small and medium enterprises (SMEs) to detect a security breach.
“The bad actors have become so sly that when one clicks on that dodgy link, nothing happens immediately. A false sense of security is created, particularly at under-resourced smaller firms that often cobble together defences using consumer-grade cybersecurity solutions,” said Voigt.
Voigt’s observations align with the findings of IBM’s Cost of a Data Breach 2023 report, which found that it took 233 days for the average organisation to discover an attack if the breach was identified by the attacker, 203 days if the attack was identified by a benign third party, and 182 days if discovered by the attacked organisation’s internal security teams.
According to the report, it takes longer to contain a breach depending on how it was identified. Breaches identified by the attacker took 87 days, on average, to contain. Those identified by a benign third party took 70 days and those picked up by an organisation’s internal security teams took 59 days. However, small and medium enterprises (SMEs) do not always have the internal resources to combat such threats.
Major concern
According to an article by Liquid Intelligent Technologies, SMEs that make use of remote and hybrid working models have a higher risk of security breaches than those that don’t, with employees using unsecured Wi-Fi networks – and hopping between public and private networks – being a major concern.
“The view that small businesses needn’t worry about implementing cybersecurity strategies and supporting safeguards is not only inaccurate but also dangerous to both SMEs and their partners operating in the online space. [SMEs] are, in fact, more attractive targets because they’re perceived to have weaker security measures,” said Liquid.
E-mail phishing and ransomware attacks are typically employed in attacks on SMEs, along with attacks on passwords.
“In my experience, stolen or compromised credentials are the most common cause of a data breach, and these types of attacks usually take the longest for local firms to identify,” said Voigt. – © 2024 NewsCentral Media