By Pádraig Hoare
It is taking more than 200 days before many firms realise they have had a cybersecurity breach plus another 60 to remedy the damage caused, an expert has said.
Ward Solutions chief executive Pat Larkin says research has shown that 75% of firms breached were informed by a third party.
He was speaking as findings from the Magnet Networks Cyber Security Survey revealed more than half of firms do not even realise they have been breached.
Magnet Networks said a third of more than 250 businesses surveyed have no cybersecurity policy in place, with a fifth admitting either their security needs to be tightened or they are completely unsecure.
James Canty of Magnet Networks said: “A new generation of cyber threats has meant Irish businesses are constantly under attack and they may not realise it.
Mr Larkin echoed the Magnet Networks warning, saying the statistic on third party alerts was also stark.
He said: “If this was a physical threat as opposed to a cyber attack, it would be the equivalent of someone gaining access to your building and roaming around undetected for more than six months, rummaging through your files and stealing confidential data, and then only finding out about it from someone off the street telling you they have noticed something untoward in the building.”
The recovery time from a breach was 30 to 60 days, Mr Larkin said.
The breaches include malware being installed on computers, losing a laptop, data being stolen, funds being scammed or major outages.
“Firms simply must get used to the formula of protect, detect, recover and respond. The level of sophistication is now such that it is not sufficient any longer to just have protection measures in place.
“Between the time it takes to realise there is a breach to the recovery time from such an incident, you could be looking at nine months.
“It is no longer a conversation with boards of if, but when a breach will take place,” Mr Larkin said.