UK firms take on average nine hours to spot unusual network activity indicating they may be under attack, much slower than their counterparts in the US, Germany and Australia, according to new research.
Email security firm Clearswift polled 500 IT security professionals in several countries around the world, asking them to estimate how long it takes them to spot anomalous network activity.
While UK respondents claimed it took nine hours on average, their counterparts in the US (seven hours) and Australia (five hours) were seemingly much more alert to the danger of data breaches.
German security professionals estimated that they take on average eight hours to spot an attack – still faster than those in the UK.
Although the risk of a breach can come from both external hackers and internal threats, 14% of respondents claimed that until their organization suffers the latter it won’t be taken as seriously.
The study comes after a year of high profile data breaches on both sides of the Atlantic.
North America scooped the biggest headlines, with the likes of the OPM (22 million), JPMorgan (83m), Ashley Madison (30m), and Anthem (79m) affecting hundreds of millions cumulatively.
But as the TalkTalk incident has shown, UK firms have also been found wanting this year.
Recent moves at a European level this month are set to focus CEOs’ minds more seriously on such matters.
Both the newly agreed Network and Information Security (NIS) Directive and the European General Data Protection Regulation (GDPR) require mandatory breach notification on the part of affected companies.
Clearswift senior vice president of products, Guy Bunker, argued that to speed up their ability to spot breaches, UK security professionals need to have a clearer idea of “what ‘normal’ looks like”.
“Familiarize yourself with network activity over time, know which sites and email addresses have high and low traffic flow during normal operations. Then you can always have a keen eye to recognize unusual activity,” he told Infosecurity.
“Security technology alone is never enough. It is often unclear whether a policy violation is malicious, accidental or a legitimate exception. This is why managers, not just security professionals, should be alerted to suspicious activity, so they can make better decisions based in context, on whether that data should have been shared in that way.”
Most important is to have an incident response plan in place so that when unusual activity has been identified there are clear processes in place to deal with the incident quickly and efficiently, Bunker added.