Most UK businesses fear they would fail to detect online attacks early enough, says McAfee report
The majority of UK organisations feel they are unprepared to take on the wide range of online threats targeting their business, despite British companies coming under attack more during 2014 than ever before, a report has found.
Security firm McAfee discovered that less than a third (27 percent) of UK organisations said they were confident in their ability to detect cyber attacks within minutes, with just under half saying that it would take days, weeks, or even months before they noticed suspicious behaviour. However, this was higher than the global figure of 24 percent, suggesting that British firms were dealing with threats better than those in many other countries.
Overall, the McAfee report found that over two thirds (69 percent) of UK organisations investigated 10 or more cyber attacks last year, far higher than the global figure of 58 percent.
“You only have an advantage over your attackers when you address the time-to-discovery challenge,” said Raj Samani, VP and CTO for Intel Security, Emea. “IT departments are inundated by alerts every day and the job to sift through threat data becomes a huge task. With real time intelligence and analytics, the overwhelming process of filtering this sea of alerts and indicators can be simplified and organisations can gain a deeper understanding supporting the context of relevant events. As a result, organisations can detect and deflect attacks much more quickly.”
McAfee is looking to improve the response time of organisations that think they may be under threat by outlining the most common attack activities that successful organisations track to detect and deflect targeted attacks.
Among the eight distinct activities are indicators such as unusual out-of-business hours activity on the network, internal hosts communicating with known bad destinations or to a foreign country where organisations don’t conduct business, and multiple alarm events from a single host or duplicate events across multiple machines in the same subnet over a 24-hour period, such as repeated authentication failures.
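The last of those indicators, repeated alarms from one host or the same event across several machines in a subnet within 24 hours, can be expressed as a simple correlation rule. The sketch below is an added illustration, not taken from the McAfee report; the thresholds, the /24 subnet size, the event names and the sample events are all assumptions constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_network

WINDOW = timedelta(hours=24)
HOST_THRESHOLD = 5    # assumed: same alarm N times from one host
SUBNET_THRESHOLD = 3  # assumed: same alarm on N distinct hosts in one /24

RAW = [  # constructed sample events: (time, source host, event type)
    *[(f"2015-03-02T01:{m:02d}", "10.1.2.15", "auth_fail") for m in range(10, 15)],
    ("2015-03-02T09:30", "10.1.2.20", "auth_fail"),
    ("2015-03-02T22:05", "10.1.2.31", "auth_fail"),
    *[(f"2015-03-0{d}T10:00", "10.9.0.4", "auth_fail") for d in range(1, 6)],
    ("2015-03-03T11:00", "10.9.0.7", "av_alert"),
]
EVENTS = [(datetime.fromisoformat(t), h, k) for t, h, k in RAW]


def noisy_hosts(events):
    """(host, event) pairs with >= HOST_THRESHOLD events inside any 24h window."""
    by_key = defaultdict(list)
    for ts, host, kind in events:
        by_key[(host, kind)].append(ts)
    hits = set()
    for key, stamps in by_key.items():
        stamps.sort()
        # If the Nth event after stamps[i] is within 24h, the window is full.
        for i in range(len(stamps) - HOST_THRESHOLD + 1):
            if stamps[i + HOST_THRESHOLD - 1] - stamps[i] <= WINDOW:
                hits.add(key)
                break
    return hits


def noisy_subnets(events):
    """(subnet, event) pairs seen on >= SUBNET_THRESHOLD distinct hosts in 24h."""
    by_key = defaultdict(list)
    for ts, host, kind in events:
        net = ip_network(f"{host}/24", strict=False)  # /24 is an assumption
        by_key[(str(net), kind)].append((ts, host))
    hits = set()
    for key, rows in by_key.items():
        rows.sort()
        for i, (start, _) in enumerate(rows):
            hosts = {h for ts, h in rows[i:] if ts - start <= WINDOW}
            if len(hosts) >= SUBNET_THRESHOLD:
                hits.add(key)
                break
    return hits
```

Host 10.9.0.4 has five failures too, but spread over five days, so it falls outside the 24-hour window and is not flagged.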
McAfee says that businesses need to be utilising Security Information and Event Management (Siem) systems in order to be able to quickly detect and contain threats. Its report, When Minutes Count, found that 71 percent of businesses which were able to respond fast to threats had such Siem tools.