New data shows how poor organizations are at identifying – let alone removing – an attacker's foothold, putting themselves at continued risk of further attacks and data breaches.
We’d like to think our security stance includes some really great abilities to detect, investigate, and remediate an attack. But new data from the Identity Theft Research Center’s Q1 Data Breach Analysis report shows that many organizations simply don’t know how to find the root cause of an attack resulting in a data breach.
Q1 saw 445 reported data breaches, down from 512 the previous quarter. Despite the lower number of breaches reported, the ITRC noticed an increase in the percentage of breaches where there was no actionable information about the root cause of the compromise. In 42% of data breaches in Q1, organizations had no indicators of where the initial compromise occurred. To make matters worse, of the top ten data breaches reported, 60% of them could not identify a root cause.
Not knowing how threat actors got in leaves the door open for them to keep using whatever persistence they likely established, either to attack again or to sell off the access to another threat group.
According to the report, 378 of the data breaches were cyber attacks, with the top three attack types being phishing, ransomware, and malware. Cyber attacks in total affected over 85 million victims – the lion’s share of all the reported data breaches, representing 95% of all victims impacted within data breaches of all types in Q1.
Even without knowing the root cause, there are really only three major initial attack vectors to address: RDP access (simple fix: get rid of any external remote access), vulnerabilities (a bit tougher, but patch and scan for vulnerabilities), and phishing attacks (addressed with a layered set of security solutions matched with a user base that is enrolled in continual security awareness training, so that any malicious content that gets past security solutions is spotted by users before they unwittingly help the attacker).