There has been quite a lot written about the TalkTalk breach following the publication of the findings of a recent enquiry. Some are citing the need for more help from law enforcement, whilst others seem to suggest that the complexity and lack of audit trails make it difficult for businesses to spot when they have been attacked.
It is a bit of a 'chicken and egg' situation, inasmuch as the more evidence that can be produced by the victim, the better chance law enforcement have of doing their job.
Whilst log analysis can be 'easier said than done', the fact that the average compromise goes 6 months undetected suggests that for most SMBs it is not a task that needs to adhere to an extreme SLA! Consider 'telematic' insurance policies and dash cam evidence: both can be collected relatively easily to monitor the insured vehicle, as well as to provide tangible evidence in the event that something should go awry.
The Foregenix FGX-Web service packages up essential logging, and reports back on potential indicators of compromise to the website owner.
Large-scale deployment of such services to SMEs will go a long way to protecting small merchants whilst ultimately helping law enforcement and other bodies to protect the business community at large.
However, despite broad support for sanctions, some pundits believe that fines for delays in reporting breaches, as proposed by the report, are not practical. As the TalkTalk cyber breach shows, it can take months before the true scope and nature of a breach is known. Lack of staff, disparate systems, complexity, lack of audit logs and so on can all contribute to delays.