Financial Firms ‘Take Up To Three Months’ To Detect Cybersecurity Threats

threat detection

Retailers fare even worse, taking up to six months to identify threats, Arbor Networks survey finds

Companies are putting themselves at significant risk of being hit by damaging cyber-attacks by not being able to detect advanced threats quickly enough, a report has claimed.

A study by the Ponemon Institute and sponsored by security firm Arbor Networks found that the ‘dwell time’ (the time taken for businesses to realise the possible threat) can be as much as several months, meaning they are not able to prepare and protect themselves adequately.

At most risk were retailers, who can take up to 197 days to identify an advanced threat, while financial services firms take up to 98 days.

Security threatsDetected

The report also illustrated the sheer scale of attacks hitting firms in recent months, revealing that 83 percent of financial services firms experienced more than 50 attacks per month, as did 44 percent of retail firms, as hackers show no let-up in their efforts.

This includes damaging DDoS attacks, several of which have hit the headlines in recent months after targeting major companies, with the report noting that many companies don’t feel adequately prepared to deal with such threats.

Overall, 48 percent of financial firms believed their company effective in containing DDoS attacks, which fell to just 39 percent of retail firms.

This is despite the majority of companies (55 percent financial, 50 percent of retail) recognising DDoS attacks as an advanced threat.

“It’s time to find a better balance between technology solutions, usability, workflow and the people who use them,” said Matthew Moynahan, president of Arbor Networks. “As security vendors, we need to help our customers so they can adapt to this new cyber security reality that balances the threats with the people who fight them every day,”

It seems that research and development in recognising threats could be a good first step for many companies, as the survey found both sectors admitting to only allocating around one-third of their budgets, staffing, and managed services toward technology and cyber-security.

“The big takeaway from our research is that more investment is needed in both security operations staff and in security tools, which can help companies efficiently and accurately detect and respond to security incidents,” said Dr. Larry Ponemon, chairman and founder, Ponemon Institute.

“The time to detect an advanced threat is far too long; attackers are getting in and staying long enough that the damage caused is often irreparable.”

How much do you know about hacking? Take our quiz to find out!