When Will We Ever Learn? 92 Percent of Hacks Detected Months After the Fact


Ninety-two percent of all data breaches are detected by someone else besides the target.

Hackers now find their bounty within seconds, while their victims take longer than ever before to discover uninvited company in their computers, according to new data from Verizon, the U.S. government and investigators worldwide.

As if that statistic isn’t disturbing enough, 92 percent of all data breaches are detected by someone other than the target, like an FBI agent or customer.

“Those people start complaining and it's not until the complaints become so real, that the victim starts realizing they have a problem,” said Bryan Sartin, managing director of the Verizon RISK Team, author of an annual global data breach report released today. "The victim finds out months later and they don't even find out on their own."

The trend is not limited to industry. The National Security Agency learned from outsiders, namely the press, that journalists were in possession of top secret documents leaked by ex-intelligence contractor Edward Snowden.

Today, financial institutions sometimes are the first to identify a data breach.

Banking officials, for example, noticed a pattern of fraud on customer cards that were all used at Trump Hotel Collection locations in the past two to three months, including Trump International Hotel New York, Trump Hotel Waikiki in Honolulu, and the Trump International Hotel & Tower in Toronto.

A representative from the hotel chain affiliated with GOP presidential frontrunner Donald Trump says the company is investigating claims of a payment system breach, KrebsOnSecurity reported April 4.

The share of victims who uncovered hacks themselves -- through their own technology or internal staff -- dropped from 12 percent to 8 percent between 2014 and 2015, according to the report.

With sloth-like speed, people detected some 64,000 IT compromises last year.

"Security's greatest weakness is that inability to recognize and react and it is in fact getting far worse over time, not better," Sartin said. "It's like despite all the awareness -- you can major in digital forensics at a university, for crying out loud -- those on the defensive are not getting any better, faster at recognizing and reacting to these little lead indicators of a cyberattack."

About 82 percent of the time, hackers needed just minutes to break in. And in most cases (68 percent), they needed just days to extract information.

One government episode of note: Hackers penetrated Office of Personnel Management systems in the fall of 2014 using a stolen credential, and OPM says it did not grasp the extent of the loss -- 21.5 million Americans' Social Security numbers were stolen -- until late June 2015.

"Most times, the modus operandi of nation-states, as well as financially motivated attackers is to establish control via malware and, when successful, it is lightning fast," Sartin said.

Phishing scams, in which impostors send an email that asks for confidential information and is crafted to look like it came from a trusted person, can steal credentials as soon as the recipient hits reply. Clicking on a malicious attachment in the email can take seconds.

Sartin says that, year after year, an overwhelming majority of data thefts involve weak, default or stolen credentials (63 percent in 2015).

A huge part of “the attack surface could be mitigated with just simple, consistent application of two-factor authentication,” a lockdown that combines the traditional password with an additional ID you have on you, like a short code texted to your phone or your fingerprint.

“Basic security stuff from 10 years ago is still the biggest disrupter” of a hack, Sartin said.