DataBreaches.Net


Hackers Love to Strike on Saturday – Redscan report

Posted on March 14, 2019 by Dissent

Mathew J. Schwartz reports:

If you had to guess what day of the week a hacker will hit your organization, the answer might seem obvious: Hackers prefer to strike on Saturday.

Research conducted by managed security service provider Redscan confirms it. The firm filed a freedom of information request with the U.K.’s privacy watchdog, seeking anonymized information on cyber incidents reported to the regulator.

Read more on EuroInfosec. The delay-to-detection data were of particular interest to me in light of what Protenus and DataBreaches.net have been tracking in the U.S. over the past few years. For their 2018 data, Protenus had reported:

…of the 141 health data breaches for which we have data, it took an average of 255 days for an healthcare organization to discover that it had suffered a breach. This represents an improvement from 2017, when it took an average of 308 days for breach detection. The median discovery time in 2018 was 28 days. There were a wide variety of time frames for discovery, with the shortest discovery time being one day and the longest being 5,605 days (15.36 years).

The median discovery was similar to what Redscan found for legal firms in the UK. Schwartz reports that Redscan’s analysis of reports in the UK found that:

legal firms were the best at spotting breaches, requiring just 25 days on average, compared to financial services firms, which required 37 days, and organizations classified as “general business,” which took 138 days. On average across all three sectors, businesses required 60 days to discover a breach.

According to Redscan’s report, the longest delay in identifying a breach was 1320 days.

Schwartz compares Redscan’s findings to FireEye’s Mandiant M-Trends 2019 report, which found that

for breaches that an organization self-discovered in 2018, attackers had been inside the network for an average of 50.5 days. When an organization was tipped off to the breach from an external source, however, attackers had already been inside the network for an average of 184 days.

But what about after a breach is discovered? How long did it take for entities to notify? Schwartz reports that of the 181 data breaches reviewed by Redscan, it took 21 days from discovery, on average, for the organization to file a breach report to the ICO, although one organization took 142 days. Keep in mind that this was all before GDPR went into effect.

The UK average of 21 days to notification is significantly better than what Protenus and DataBreaches.net found in the health data breaches reported in 2018. Protenus reported:

Of the 227 health data breaches for which we have data, it took an average of 73 days for organizations to report a breach to HHS, the media, or other sources after it was discovered (figure 16). These averages seem to be holding steady as this is the same average the industry experienced in 2017. The median disclosure time was 59 days, just squeaking in under the HHS required 60-day reporting window.

With the GDPR now in effect, it will be interesting to see what happens in the EU — and whether any of it will significantly impact requirements or incident response statistics here. But one thing seems clear: no matter where you are, if you want to bury the news, disclose it right before the weekend begins.

You can access Redscan’s FOI report on their site.

Category: Commentaries and Analyses
