Tripwire recently hosted a webcast entitled “PCI Breach Scenarios and the Cyber Threat Landscape with Brian Honan: Real World Cyber Attacks and Protecting Credit Card Data.”
For our presentation, Brian Honan (CISM, CGEIT, CRISC), an information systems and cybersecurity specialist and a member of the Advisory Group on Internet Security to Europol’s Cyber Crime Centre, joined me to discuss breach investigations and the importance of the new Payment Card Industry Data Security Standard (PCI DSS) 3.0. Together, we also provided some insight into how companies can leverage this new compliance standard to protect themselves against a security breach.
As reported by the 2013 Europol Serious & Organized Threat Assessment, the “total global impact of cybercrime has risen to US $3 trillion, making it more profitable than the global trade in marijuana, cocaine and heroin combined.”
This growing cost of cybercrime partially reflects the different laws that define countries’ breach disclosure policies. For example, whereas the United States has mandatory disclosure laws, the European Union has none. European-based companies that have been affected by an incident, including TK Maxx, Loyaltybuild, Stay Sure and CEC Bank, are therefore under no obligation to notify their customers of that incident. This lack of visibility may limit an affected company’s incentive to invest in detection measures that would enable a timely response.
Acknowledging these differences in breach detection and response, we took the opportunity to poll our webcast participants in an effort to gain an understanding of companies’ breach preparedness more generally.
According to a Tripwire online survey conducted in March 2015, 37% of respondents said they were not confident in their ability to detect a breach at all.
This finding is not new, however. In its 2014 Data Breach Investigations Report, Verizon found that a data breach usually occurred within seconds or minutes of the attackers successfully infiltrating a company’s computer systems, and that the attackers would begin exfiltrating data only a few minutes thereafter.
By contrast, Verizon found that detection would usually take at least a few weeks after the initial breach had occurred, giving the attackers plenty of time to do what they wanted with customers’ stolen data.
Source: Infosec Island