Resources. Some are infinite, most are finite, and all need to be used efficiently. We are told almost daily how to live a green lifestyle, and specifically about the need to use our resources more efficiently to better the planet, ourselves, and our neighbors. We are told to recycle, carpool, buy used cars, buy electric cars, eat plant-based meats, and adopt a variety of other techniques to better use our existing resources.
In business, using resources wisely usually results in higher profits, better products, and happier employees. So why, then, are businesses still using security software that requires so much time and energy from their analysts? According to IBM, a data breach lifecycle was 280 days in 2020. That means breaches that originated in 2020 are still being detected and remediated as you are reading this. That same IBM report shows the average cost of a data breach in 2020 was over $3 million. When breaches happen, typical detection tools can take days, weeks, or months to collect enough actionable data.
When you use software that is incomplete, and the data provided by that software requires detailed analysis, your business suffers a resource loss. Analysis of data and breaches will require time, energy, and money from the business to remediate. Threatpost reports that over 80% of businesses have a mean time to detect (MTTD) of up to 30 days and over 95% of businesses have the same mean time to respond (MTTR). This puts the total detection and response time for incidents at up to 60 days for a majority of businesses, and if we correlate this data with the IBM report, we see an additional 220 days for remediation.
With nearly half a million open jobs in the security industry last year, it is important that companies use their existing talent efficiently. Using detection-based software against new and growing attacks that focus on client-side vulnerabilities (Magecart, clickjacking, cross-site scripting, injection) requires too much time and energy from your existing response team.
Depending on the solution you choose to remedy your client-side security problem, you may select a “one-stop shop” that offers solutions for multiple problems. However, those solutions never stop at one: add-on modules, platform prerequisites, and page view packages end up being an inefficient use of resources.
The low-value data provided by these solutions means your analysts are spending time reviewing false positives when they should be focusing on system-wide monitoring. Often, a data investigation overlaps shift changes, and the analysis starts over or is not completed for another 24-48 hours, depending on employee availability. In the case of a Magecart attack, this could lead to thousands, if not hundreds of thousands, of payment data records being stolen from your customers.
With MTTR and MTTD times growing because of increased attack complexity, relying on outdated “detect and respond” software is an inefficient strategy for client-side attacks. As a business with finite resources in an industry with a candidate shortage, it’s up to you to use your existing resources wisely. Where available, solutions should be put in place that focus on prevention over detection. This is where the real-time client-side security platform from Source Defense can be used to efficiently prevent attacks in real time and free up your analysts to focus on other outstanding incidents.
*** This is a Security Bloggers Network syndicated blog from Blog – Source Defense authored by Randy Paszek. Read the original post at: https://sourcedefense.com/resources/blog/human-resources-part-1/