Illusive Blog July 27, 2017

How to Lower the Cost of Data Breaches? Prioritize Detection

By Beth Ruck

By annually tracking the cost of data breaches, Ponemon Institute has helped instill broad awareness that these costs continue to increase. As noted in our report earlier this year, Ponemon also offers some insight on steps companies can take to minimize these costs, citing the positive impact of investment in pre-established incident response teams, employee training, and enhanced encryption.

Ponemon studies have also helped people understand that the time it takes to detect a breach is a significant factor in its overall cost, and have brought to light that the detection “lag” is not typically days or weeks, but months—and perhaps years in some cases. Business leaders and corporate directors live in fear of this lag because with every day that passes, odds increase that coveted intellectual property can be stolen, revenue-generating apps can be manipulated, or… well, we all know the long list of damages that can result.


The detection lag persists, of course, because the attacker moves around under the radar of preventive controls. Investments in these controls may continue to be necessary, but let’s face it, they’re not stopping some of the most common and impactful attacks. The typical attack still involves surreptitious entrance through a well-crafted phishing email or other mechanism, followed by a period of great patience and persistence in which the hacker studies the environment and makes lateral movements from one system to another to get – eventually – to the coveted crown jewels.

Improved ability to filter out phishing emails may help. Training employees not to be fooled by them may help. But ultimately, organizations need the means to detect a legitimate-looking attacker earlier in the lateral movement phase.

Distributed deception technology makes it possible to reduce the detection lag to almost zero. Once the entire environment has been blanketed with false information, the attacker is likely to make a fatal move from any endpoint he or she happens to land on. It’s simple math: with well-crafted, auto-adjusting deceptions, there’s a 99% likelihood that any attacker will be caught within three steps.

Ultimately, this ability to shorten the time it takes to detect an intruder may be the most effective way to reduce the cost of a cyberattack. We invite you to read about how deception helped a large international bank.