Threat Hunting

08 September 2016

Many organisations still lack adequate tools, processes and procedures to identify cyber-attacks against them. Consequently, customers are often the first to learn that their data has been compromised. Not only does this cause immediate and sustained corporate embarrassment, but with little control over how the news is communicated and disseminated, it can have a devastating impact on any strategies put in place to mitigate the reputational impact of a cyber-attack and data loss.

In 2015 the average time it took for organisations to discover their cyber security had been breached was 146 days, down from 205 in 2014. While this 59-day improvement is to be applauded, it is still too long. So how to close the gap?

The biggest contributing factor to excessive delays in breach discovery is that many organisations take the traditional event-driven approach to managing cyber security incidents, relying on notification of suspicious activity before undertaking any investigation. With cyber-criminals remaining one step ahead in their ability to remain undetected, this puts organisations at an immediate disadvantage.

Organisations therefore need to put themselves on a war footing, and assume that they are under constant attack. Putting in place controls that continuously search for indicators of malicious activity within an organisation, coupled with a wider cyber security strategy, could be the determining factor in closing the gap between breach and discovery from months to days, hours or even minutes.

So what do these controls look like? In truth these controls are primarily technical. Just as each of us is unique, so is each company and its underlying network structure. The most important consideration for any company is establishing what is ‘normal.’ As yet we do not have full Artificial Intelligence, so software will not be able to pick up unusual activity unless we first tell it what normal looks like. Building this baseline will allow monitoring to pick up on unusual activity and notify the correct people to look further into the situation, minimising the time between an incident and being made aware of it.

Combining this technical approach with the establishment of human firewalls will ensure a holistic approach to cyber security that combines processes with technology and people. The result is that organisations will be the first to know if they have been compromised, and the delay between a breach and notification will be drastically reduced.

When it comes to reputation, the investment community wants organisations to speak up before being asked. Thus, incorporating continuous incident response into an organisation's cyber security strategy may prove the determining factor between bankruptcy and a bruising following a breach. And it's not just limited to large organisations; increasingly, smaller companies are being targeted because they are less likely to have policies or awareness training in place to mitigate a cyber-attack.

Ultimately, data breaches are expensive for companies of any size. The only way to minimise the financial and reputational impact of a cyber-attack and data loss is to be prepared for what will come.


© 2021 Schillings International LLP. SCHILLINGS is a trading name of Schillings International LLP and Schillings International (USA) LLP.
