Research Insights: The time between detection and investigation of a cyber-attack
New research from ESG and Cado Security reveals 89% of 150 companies surveyed have experienced a negative outcome in the time between detection and investigation of a cyber-attack on their cloud environments. Research further revealed it takes an average of 3.1 days to begin an investigation of a known cloud breach after data capture and processing. Other key findings include:
- 74% of security professionals say their organizations need additional data and context to conduct forensics investigations in cloud environments.
- 64% say it takes too much time to collect and process data to perform a timely investigation.
- 35% of cloud security alerts are not investigated.
According to Saumitra Das, CTO and Cofounder, Blue Hexagon:
“This is very important research and a key issue we see within organizations. Cloud security has too often been left to developers and ops people who are not security experts. There is too much focus on hygiene and hardening despite the fact that a fully hardened cloud with no misconfigurations is a very hard goal to achieve. As a result, organizations do not even have visibility into an attack, both when it is happening and for incident response and forensics. There needs to be renewed focus on cloud threat detection and response and not just posture assessment and hardening. In addition, cloud security alerts need to be prioritized so the most egregious problems get fixed; otherwise there will just be a deluge of tickets to be worked on, which then explains the 3.1 days.
The key here is not 3.1 days but whether the important problems are fixed in hours and the less risky ones fixed over time.”