Breakout time: Is your IT team ready for a cyber attack?
by Rick Kuwahara COO of Paubox
In today’s ever-evolving cyber landscape, it’s crucial that your IT team is prepared for attacks. Speed is essential for effective cyber defense, especially for organizations that manage healthcare and other types of private data.
The critical window of “breakout time” was highlighted as an important way to gauge your organization’s defenses against a data breach in CrowdStrike’s 2018 Global Threat Report.
Breakout time refers to the time it takes for an intruder to begin moving outside of the initial attack entry point to threaten other systems in a network.
3 key metrics every organization should know
According to CrowdStrike’s report, organizations only have an average of one hour and 58 minutes to detect and remove an attacker before they compromise additional IT systems across the enterprise.
Breakout time involves three key metrics that can evaluate your organization’s preparedness for a cyber attack:
- Detection time – How long does it take your team to detect an intrusion?
- Investigation time – How long does it take your team to understand the scope of an attack and what type of response is needed?
- Response time – How long does it take your team to respond to an intrusion, remove the attacker, and contain any damage?
The best-prepared organizations follow the 1-10-60 rule — strive to detect an intrusion in under one minute, fully investigate it in under 10 minutes, and remove the attacker in under an hour.
Following these guidelines, your organization can minimize the impact of a cyber attack and prevent it from becoming a breach.
Why organizations need to increase their defenses
New security technologies and approaches that go beyond the traditional endpoint defense of the past are required to address modern cyber threats. And when you’re protecting sensitive patient data there’s not much room for error.
An organization’s reputation can be seriously damaged by a data breach. And Boards and CEOs are often in attackers’ crosshairs because of their influence and access to information.
Regulatory violations are costly and severe Health Insurance Portability and Accountability Act (HIPAA) penalties are incurred for organizations that fail to provide notification of breaches in a timely manner.
Breakout time is a useful security standard that can offer a clear analysis of your defense capabilities.
Understanding your cybersecurity team’s response speed can give your organization valuable insights into how to become better prepared to fend off cyber attacks and prevent data breaches.