If a security reseller gets told by their customer that they are on top of things then in a large amount of cases it's likely to be true and a wish rather than an accurate summary of the current situation
Against a backdrop of the RSA security conference in the US a fair amount of research has come out to try to stir customers into reviewing their operations and making some investments to improve their defences.
Intel Security provided some insight into just how many customers were left scratching their heads when it came to dealing with attacks, finding that a quarter of UK IT professionals took more than a fortnight to discover they had been hit by a cyber threat last year.
Once they found they had been hit by a threat it then took at least a third of users between another couple of weeks and three months to fix things, which is a poor track record given the average firm faced 78 incidents last year.
Raj Samani, EMEA CTO Intel Security, said that customers needed to react to threats quickly and had a 'golden hour' in which they could detect and deflect an attack.
"It’s worrying to see that companies in the UK and globally are losing out on critical time in the initial onset of an attack – when immediate action is crucial," he added “Hackers don’t hang around - as soon as they identify a vulnerability within a corporate network, they will be working to spread this as far as possible throughout the enterprise, wreaking havoc and compromising data along the way."
“Investing in training to ensure the company’s security team has the expertise to deal with a threat is crucial. Meanwhile, automating processes and ensuring security tools are synched across the network is a key way to ensure companies are able to act fast in their ‘golden hour’ of an online attack," he added.
On top of being slow to identify and respond to attacks there was more evidence from Proofpoint that more user education is needed with malicious messages still being opened by staff.
All types of company are being targeted and all levels of employee are a potential recipient of malicious emails and time is again an issue with the majority of threats being activated by staff on the first day of being sent.
Malicious messages are also being sent during office hours with Tuesday and Thursday mornings the peak times for sending out the threats, with Tuesday being the highest day staff clicked through to activate the attack.