Intelligent CISO Issue 18 | Page 9

news Research finds 91% reduction in dwell time for deception users enterprise network when compared to those unfamiliar with the technology. Other studies conducted by incident response service providers or endpoint detection and response vendors suggest an average of 78 to over 100 days, while survey respondents that are highly familiar users of deception technology reported dwell times as low as 5.5 days. A total of 70% of respondents highly familiar with and currently using deception technology rated their organisations as highly effective as compared to 49% reported from the aggregate of all users, including deception technology users. ttivo Networks, an award-winning leader in deception for cybersecurity threat detection, has announced the availability of a new research report, conducted by Enterprise Management Associates (EMA) and commissioned by Attivo Networks, that explores attitudes and views of deception technology in the enterprise. A The research uncovered contrasts between users and non-users of deception technologies. One of the most significant findings is that users of deception technology reported a 12X improvement in the average number of days it takes to detect attackers operating within an “Quantifying the ROI of security controls can be extremely challenging and is often tied to overall breach metrics that can be heavily debated,” said Carolyn Crandall, Chief Deception Officer and CMO of Attivo Networks. “This survey is particularly interesting in that it quantifies the specific value derived and the sentiment of deception technology users compared to non-users.” To download the report, visit A Definitive Market Guide to Deception Technology. ‘FORMJACKING’ SOARS AS HACKERS HIT CONSUMERS AT CHECKOUT nline forms such as login pages and shopping baskets are increasingly hijacked by cybercriminals hunting for personal financial information (PFI), according to new research from F5 Labs. F5 Labs’ Application Report 2019 examined 760 breach reports and discovered O that formjacking, which siphons data from the customer’s web browser to an attacker-controlled location, remains one of the most common web attack tactics. F5 Labs’ data discovered that the method was responsible for 71% of all analysed web- related data breaches throughout 2018. “Formjacking has exploded in popularity over the last two years,” said David Warburton, Senior Threat Evangelist, F5 Networks. “Web applications are increasingly outsourcing critical components of their code, such as shopping carts and card payment systems, to third parties. Web developers are making use of imported code libraries or, in some cases, linking their app directly to third party scripts hosted on the web. “As a result, businesses find themselves in a vulnerable position as their code is compiled from dozens of different sources – almost all of which are beyond the boundary of normal enterprise security controls. Since many web sites make use of the same third-party resources, attackers know that they just need to compromise a single component to skim data from a huge pool of potential victims.” www.intelligentciso.com | Issue 18 9