The key to security is response time to threats

The key to containing attacks is the speed of response to threats

The impact of a cyber attack is measured by how long an attacker remains on a company's systems without being noticed. The longer an attacker stays inside an environment, the more access they gain to critical systems. Therefore, the key to containing attacks is the speed of response to the incident. A few hours is enough to take the damage of a detected and fixed breach from a simple operating system reboot to a six-figure loss of revenue.

Although this data is released every year, it still takes most organisations months to identify and contain an attack. This time, called dwell time, was 280 days in 2020. In Brazil alone, the average cost of each data breach was $1.4 million (about 7 million reais today). Companies that were able to detect and contain a breach in less than 200 days, on the other hand, spent an average of $1 million less. The data is from a report by IBM and the Ponemon Institute.

Why do breaches go unnoticed?

In an ideal situation, a company would have a dedicated cyber detection and response team to monitor and respond to any alerts. This team would immediately assess the current threat status and work from a set of policies to take appropriate action based on the nature and status of the attack. There would be clear response protocols for high, medium and low incident severity. Incident responders would have threat intelligence and know precisely what to do in advance.

But the reality in companies is far from that. The team responsible for IT usually maintains the security technology the company has acquired, but does not handle monitoring and response. There is no protection plan established and disseminated throughout the organisation. And when there is one, there is a lack of training and communication about each person's role in executing it.

How to decrease the response time to threats?

There are general guidelines that apply to every company. Investing in security automation tools and comprehensive cybersecurity solutions is known to be important, as is implementing training programs for all employees to combat phishing scams and other common hacker tactics. But that is not enough.

Raising the level of protection requires a security intelligence partner. With such a partner, the organisation can have predictability. Based on intelligence, the posture is no longer reactive but proactive. This comes before protection, because the risks are sought out and anticipated.

In practice, a cyber intelligence partner will not wait for the attack to happen. It will search, inside the company's system or on the Internet, for publications of sensitive information, cyber espionage, bad behaviour in the virtual environment by people linked to the corporation, fraudulent and malicious references to the brand on fake websites, and leaks of confidential information, such as customers' and partners' credit cards, among other threats.

Almost 40% of the average total cost of a data breach stems from lost business, including increased customer churn and lost revenue due to system downtime. In addition, about 61% of the cost arises in the first year, about 24% in the next 12 to 24 months, and the final 15% more than two years later. The cost of not protecting is getting higher and higher. Therefore, for companies that want to operate in a hyper-connected world, protection needs to be part of the strategy, ensuring the confidentiality of information and facilitating business.

By Dirceu Lippi
