DataBreaches.Net


Trustwave: Detection of intrusions can sometimes take two years

Posted on February 12, 2013 by Dissent

Dan Raywood has a piece in SC Magazine about how long it takes to detect breaches:

Companies are still failing to detect data breaches and hacking incidents, with outsiders getting access and sitting on the corporate network for up to two years in some cases.

According to the Trustwave 2013 global security report, organisations fail to detect attacks and breaches and EMEA Trustwave Spiderlabs director John Yeo said that this ‘exacerbates the data breach’. He said: “This is the point where an intrusion leads to a data breach, our investigation found that sometimes, attackers spent two years living in the environment and exposing data records.”

Read more on SC Magazine.

I wonder how/whether the Trustwave and Verizon DBIR findings might be used in the lawsuit naming Trustwave for their role in the South Carolina Department of Revenue breach. The court is currently considering dismissing them as a defendant. Their findings might also be relevant should they be sued for their role in the more recent Jetro/Restaurant Depot breach.

As always, I guess we’ll have to wait to see.

Category: Commentaries and Analyses


1 thought on “Trustwave: Detection of intrusions can sometimes take two years”

  1. IA Eng says:
    February 19, 2013 at 7:32 am

    This is another great FAIL when it comes to security. Someone in the realm of business deems that security doesn’t matter – and that the god almighty dollar (of any type) does. In the LONG run, it’s the company’s fault. BUT if there is a senior security individual that is still there that had a place in making the security decisions, then they ought to be brought forward and asked why they failed.

    You see, making the Security folks’ name shine in the limelight may make the ones who are only there for the money cringe. They know who they are. They point fingers at the company and say the company isn’t taking security seriously. It’s hogwash. You need 1) people skills, 2) technical skills, 3) Leadership & Management skills and 4) Common sense. All four DO apply.

    There is a serious lack of Professional Security folks out there. One reason is that the company would rather pay for a lesser qualified individual and cross their fingers and HOPE they don’t get breached. The ole saying does apply – you get what you pay for.

    Sure you can bring in a person who is a hard worker and they may fit the security hat, but that usually means that hat will spawn other hats and before you know it, the person is overworked, underpaid and may eventually leave – or worse – blend in with the rest of the crew.

    Breaches CAN be halted before they even have a chance to occur. It doesn’t take much. It REQUIRES the person in charge of security to do their JOB. Semi-annual and new hire social engineering awareness training, Password enforcement policies, all workstations and servers patched at LEAST on a monthly basis and some sort of IDS / IPS (Intrusion Detection / Prevention System). There are a ton of FREE security platforms that work well, AND offer some sort of alert should someone be mucking around in a place they should not be.

    Limiting Admin access on the network means less of a chance that if someone’s account gets hijacked or compromised that it will lead to a breach.

    It also doesn’t take much thinking to create a network based on rings of trust. Separate your critical machines from your everyday ones. Place them on separate networks, and require separate usernames and passwords to log on to critical devices.

    Tasks like this aren’t hard. It requires motivation, enthusiasm and pride. It’s crazy to think how much it could potentially cost in fines, lawyers, credit monitoring, consulting fees and everything else that comes with a breach. All it takes is squashing that risk and anteing up for a security professional that does his job. There are many out there that have certifications and it’s about time the businesses realize that they too could be next in line for a breach.

    Whoever is willing to accept this sort of immature and irresponsible way of doing business should NOT be in the business in the first place.

© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.