Cyber Attackers Don’t Need to Rush
Yesterday, Excellus BlueCross/BlueShield announced yet another data breach, exposing 10.5 million records. That sounds like a lot (and it is), but the real eye-popping figure is how much time the attackers had to work with before the compromise was detected. In the Excellus case, the compromise started on December 23, 2013, and wasn’t discovered until August 5, 2015. That’s 590 days. And as other prominent breaches have shown, attackers need far less time than that to do damage.
Anthem lost 80 million records in 48 days, Target lost 40 million credit and debit cards in 33 days, and the Office of Personnel Management lost 21 million detailed personnel records in 182 days. Ponemon Institute research points to an average detection time of 98 days.
Network and threat monitoring is never going to solve this problem. Data volume is only increasing, attacks are only becoming more sophisticated in their ability to obfuscate themselves, and users are doing more and more through encrypted channels on under-protected systems.
Only organizations that can overcome their squeamishness about addressing the problem where it begins, on the endpoints, will ever be able to reduce these times and prevent these breaches. One corrupted system results in a swarm of new events, additional corrupted systems, and typically a well-concealed jumping-off point for additional attacks and data theft. It is well past time to stop the attacks where and when they start.