UK enterprises advised to deal with threats faster or lose the "golden hour"

Cyber crime

UK organisations must deal with cyber threats much faster in order to avoid missing out on the crucial "golden hour".

Intel Security's latest report reveals that a quarter of all UK IT professionals took over a fortnight to find out their enterprise had been hit by an advanced cyber threat in 2014 with poor communication and a lack of skills taking their toll.

The report, entitled "Tackling Attack Detection and Incident Response", found that even after the threat had been found it took 39% of firms between two and 12 weeks to remove it and remediate. Raj Samani, EMEA CTO at Intel Security, pointed out that enterprises have a window of opportunity or "golden hour" to detect and deflect attacks to minimise risk and damage from hackers.

"It's worrying to see that companies in the UK and globally are losing out on critical time in the initial onset of an attack – when immediate action is crucial," Samani said. "Hackers don't hang around - as soon as they identify a vulnerability within a corporate network, they will be working to spread this as far as possible throughout the enterprise, wreaking havoc and compromising data along the way."

Why does it take so long?

UK IT professionals found that determining the impact of the incident (50%), taking action to minimise the impact (45%) and finding the most vulnerable assets (45%) consume the most time. A whopping 75% also admitted that a lack of communication and syncing of security tools is giving hackers time to wreak havoc.

A skills shortage at 80% of firms is having a huge impact on the ability to fight off threats as quickly as possible and, despite this, just 40% are actively recruiting for IT security roles. The UK isn't the only country where IT professionals claim their firms are slow to react with the two week timeframe also apparent in France (25%) and the USA where the number mushroomed to 35%

Around the world the number of attacks businesses dealt with reached an average of 78 per companies and of these 26% were what Intel Security called targeted or bespoke attacks.