June 10, 2015 By Jaikumar Vijayan

A vast majority of organizations that suffer malicious network intrusions do not detect the breach themselves, a new global security report from Trustwave showed.

External Versus Internal Detection

Trustwave analyzed data from over 574 data breach investigations in 2014 and discovered that in 81 percent of the cases, an external party notified the victims of the compromise.

In such situations, the median length of time it took for an organization to detect a breach was 126 days, compared to 108 days in 2013. In situations where an external party notified the victim of a data breach, the median length of time from initial intrusion to containment was 111 days.

In contrast, companies that discovered breaches on their own tended to be much quicker at discovering and mitigating the issue, the report showed. The median length of time to detect a breach was just 10 days when companies found them on their own, and half took just one day to mitigate the threat after detecting it. The median length of time between initial intrusion and mitigation was just over 14 days in situations where organizations identified a breach themselves.

Significant Trends From the Global Security Report

The numbers are important because the length of time an intrusion remains undetected and the manner in which the intrusion is detected can have a significant impact on the severity of a breach.

The Home Depot breach, which exposed data on over 56 million debit and credit cards, remained undetected for over four months. The retailer did not discover the intrusion until its banking partners and law enforcement notified it about a potential issue, according to a corporate announcement.

Several other organizations that have suffered similarly large compromises have had the same experience. Another example is retailer Neiman Marcus, which took four months to discover an intrusion that ended up compromising data on some 1.1 million credit and debit cards, The New York Times reported.

The longer a data breach lasts and the longer an attacker occupies the network gathering data, the more costly the breach is likely to be, Trustwave noted.

Web Application Flaws a Major Worry

The company’s global security report also showed that Web application vulnerabilities continue to pose a major threat for enterprises. A full 98 percent of applications that Trustwave encountered in its breach investigations had at least one vulnerability. The largest number of flaws in a single application was 747. Meanwhile, the median number of flaws per application hit 20, an increase of 43 percent.

Roughly 35 percent of the flaws that Trustwave discovered were of the information-leakage variety. Examples of such flaws included form-caching vulnerabilities and application exception handling issues. Cross-site scripting flaws, which have long been the bane of Web applications, dwindled somewhat in 2014, but the number of SQL injection errors, which are another major issue, increased by 10 percent. About 15 percent of the data breaches that Trustwave investigated in 2014 involved input validation errors such as SQL injection vulnerabilities, the report noted.

Retailers Are the Most Frequent Victims

More than half of the compromises analyzed for the report occurred in the U.S., with retailers accounting for a substantial proportion of the breached entities. About 43 percent of Trustwave’s investigations involved retailers, 13 percent were from the food and beverage industry and 12 percent of the victims belonged to the hospitality sector. In a majority of the cases, intruders gained access to these entities by taking advantage of weak remote access security and weak passwords. Together, these two weaknesses enabled over 55 percent of the breaches investigated last year, Trustwave said.

If companies are to limit the damage done by data breaches, they must buff up their security detection measures to ensure a fast reaction time to problems. Having an incident response plan in place, investing in security infrastructure and proactively setting up safeguards against cybercriminals can help avoid major events.
