DataBreaches.Net

Trustwave: Detection of intrusions can sometimes take two years

Posted on February 12, 2013 by Dissent

Dan Raywood has a piece in SC Magazine about how long it takes to detect breaches:

Companies are still failing to detect data breaches and hacking incidents, with outsiders getting access and sitting on the corporate network for up to two years in some cases.

According to the Trustwave 2013 global security report, organisations fail to detect attacks and breaches and EMEA Trustwave Spiderlabs director John Yeo said that this ‘exacerbates the data breach’. He said: “This is the point where an intrusion leads to a data breach, our investigation found that sometimes, attackers spent two years living in the environment and exposing data records.”

Read more on SC Magazine.

I wonder how/whether the Trustwave and Verizon DBIR findings might be used in the lawsuit naming Trustwave for their role in the South Carolina Department of Revenue breach. The court is currently considering dismissing them as a defendant. Their findings might also be relevant should they be sued for their role in the more recent Jetro/Restaurant Depot breach.

As always, I guess we’ll have to wait to see.

Category: Commentaries and Analyses


1 thought on “Trustwave: Detection of intrusions can sometimes take two years”

  1. IA Eng says:
    February 19, 2013 at 7:32 am

    This is another great FAIL when it comes to security. Someone in the realm of business deems that security doesn’t matter – and that the god almighty dollar (of any type) does. In the LONG run, it’s the company’s fault. BUT if there is a senior security individual that is still there that had a place in making the security decisions then they ought to be brought forward and asked why they failed.

    You see, making the Security folks’ name shine in the limelight may make the ones who only are there for the money cringe. They know who they are. They point fingers at the company and say the company isn’t taking security seriously. It’s hogwash. You need 1) people skills, 2) technical skills, 3) Leadership & Management skills and 4) Common sense DO apply.

    There is a serious lack of Professional Security folks out there. One is because the company would rather pay for a lesser qualified individual and cross their fingers and HOPE they don’t get breached. The ole saying does apply – you get what you pay for.

    Sure you can bring in a person who is a hard worker and they may fit the security hat, but that usually means that hat will spawn other hats and before you know it, the person is overworked, underpaid and may eventually leave – or worse – blend in with the rest of the crew.

    Breaches CAN be halted before they even have a chance to occur. It doesn’t take much. It REQUIRES the person in charge of security to do their JOB. Semi-annual and new hire social engineering awareness training, Password enforcement policies, all workstations and servers patched at LEAST on a monthly basis and some sort of IDS / IPS (Intrusion Detection / Prevention System). There are a ton of FREE security platforms that work well, AND offer some sort of alert should someone be mucking around in a place they should not be.

    Limiting Admin access on the network means less of a chance that if someone’s account gets hijacked or compromised that it will lead to a breach.

    It also doesn’t take much thinking to create a network based on rings of trust. Separate your critical machines from your everyday ones. Place them on separate networks, and require separate usernames and passwords to log on to critical devices.

    Tasks like this aren’t hard. It requires motivation, enthusiasm and pride. It’s crazy to think how much potential costs it would take in fines, lawyers, credit monitoring, consulting fees and everything else that comes with a breach. All it takes is squashing that risk and ante up for a security professional that does his job. There are many out there that have certifications and it’s about time the businesses realize that they too could be next in line for a breach.

    Whoever is willing to accept this sort of immature and irresponsible way of doing business should NOT be in the business in the first place.

© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.