Unfortunately, this is not the full story. The average organisation is subject to multiple breaches, of which only some will be detected, so the figures reported to the ICO are likely to be understated, said Peter Woollacott, CEO, Huntsman Security. The root of the problem is that organisations are under such an intense barrage of cyber activity that threat alerts; many of which turn out to be benign are overwhelming cyber security teams. There is simply too much data to analyse and verify manually. Genuine threats require immediate attention but frequently the investigation of benign and even false alarms can waste a great deal of valuable time and resources. Verizons DBIR 2016 gave a clear illustration of this problem, revealing that whilst 84% of attacks compromise their targets within days or less, under a quarter are detected within that timeframe.
Interestingly, certain industries are showing especially concerning results (3). For instance, organisations in the financial sector were responsible for reporting less than 6% of all incidents, yet they attracted 33% of all financial penalties pursued by the ICO; suggesting that when finance businesses suffer data breaches, they are of a particularly severe nature.
Quite simply, no news is bad news: if breaches arent being detected, it most likely just means that security analysts are having difficulty finding the needles in the haystack. To help them see through the noise generated by security alerts, organisations must find a way to automate threat verification and eliminate the wasted effort that result from false alarms. By using machine learning to identify otherwise invisible threats, security analysts can easily identify those that really matter, and as a result, significantly reduce their time at risk from cyber threats. This in conjunction with automation and streamlining the incident management process means that organisations can put themselves, the ICO and the wider public at greater ease that our data is safe in their hands.
The results of the Freedom of Information request also exposed a number of interesting statistics in certain key sectors:
- The sectors responsible for most data breaches remained consistent; with health, local government and education responsible for the majority of data breaches, accounting for 64% of all reported breaches (3).
- UK utilities companies reported only two security breaches to the ICO over the entire 1-year period; but considering that these critical infrastructure companies present a high risk target the numbers demand closer scrutiny.
- Despite a reputation in previous years for poor performance, Local Government shows some signs of improvement compared to many other sectors, with the number of security breaches rising by only 14%. Overall, 70% of all incidents reported by government bodies were due to disclosure of data in error; meaning reducing or identifying possible signs of human error or anomalous activity should be a priority.