Rhett Greenhagen
5 min readDec 10, 2020

Why discovery time for 60% of data breaches is a month or longer

A report by Verizon that analyzes cyber threats that was built on an analysis of 41,686 security incidents showed that while a cybercriminal’s first action towards compromising customer information and data happens in minutes, the time of discovery by recipients of these malicious actions would often take months. It was on this basis that they established that 60% of breaches often took months or even longer to detect. Sometimes these individuals might not even know until they stumble upon it by which it might be too late to salvage the situation and this is not restricted to individuals, organizations also fall victim to this lopsided attacks.

The reality of this implies that businesses and Individuals should be vigilant constantly and ensure very often that they are not susceptible to breaches. They should create a system that helps them identify threats of any kind and they should be quick to protect themselves and respond efficiently when they identify breaches of any kind.

While breaches like a stolen device are easier to recognize and safeguard against, most breaches like web skimming and Magecart are harder to identify.

Web Skimming and Magecart?

Web skimming is a type of online or carding fraud in which a website’s payment page is breached and the data is compromised by injecting malicious code on the page through a malware script service whose sole intent is to steal customer information.

There are many variations of web skimming but one of the most popular is the online card skimming which is a process that involves stealing credit card details from visitors of the web. Another one involves a physical methodology to web skimming where point of sale systems like Automated teller machines or gas stations are exploited and the cyber criminals physically install skimming devices that discreetly steal customer passwords, pins and codes.

attackers install stealthy skimming devices

On the other hand, Magecart attacks are a form of webskimming that use the front end portion of a browser to gain access to sensitive information that an unsuspecting user might enter. The process involves injecting malicious javascript code into that browser and obtaining access to all of the Customer’s online activities.


One of the most dangerous aspects of this is that Magecart can obtain sensitive information from customers and they will be oblivious for the most part. Whole malicious pages can be created by Magecart and users will have no way of knowing that the site they are visiting is compromised. On the other hand, businesses mostly only catch wind of the breach months after the interception.

Third party providers are often one of the most susceptible to Magecart attacks and in our world today, where eCommerce is booming and the code that is used to create the client-side of the extension are mostly third party scripts, there is little wonder why Magecart attacks are common. A regular website can have up to 40 different third-party codes. The reason for this is to keep the site cheap and affordable, however this also means that the owner is not in full control of the site and thus, there is the high possibility of breaches. Tens of millions of users input their sensitive data into these extensions and these datas are stolen unknown to them and mostly unknown to the businesses themselves.

Why It Takes Long To Detect

Just as we stated above, there are two ways Magecart attacks threaten a system. While some attack the main website, others exploit 3rd party coding. Whichever, the major notice is to insert JavaScript malware that will steal sensitive customer information from HTML forms and redirect them to the attackers. An example is the case of the British Airways, where the attackers injected the malware into the airline’s baggage claim subdomain because it was way less secure than the main website. When this malicious javascript code was run through the main website of British Airways and within the user’s browsers, credit card and sensitive personal information was stolen.

The reason these webskimming and Magecart attacks are very hard to identify quickly is because they do not happen on the backend of the websites, but instead they occur on the browser of the user. The implication of this is that data is moved directly from the browser to the attackers servers, without any contact with the backend of the website. This makes tasks like backend audit a futile task because it won’t stop attacks. The problem is directly on the customers browser and as such, auditing processes can’t detect it. The only way attacks like Magecart can be detected by the respective companies is when the fraud is brought to their notice..

How To Protect Against These Breaches

Research found by Verizon show that 71% of breaches are financially motivated while 43% involve victims in the world of business. One important statistic they also found was that about 69% of these breaches were caused by elements outside the systems.

As a result, it is necessary that companies, organizations and bodies that are susceptible to these kinds of attacks begin to develop a firm knowledge of their data set and create systems that will make it harder for any third party to access their data.

It is also necessary that companies employ formidable authentication systems for client-end applications and they should monitor sensitive financial data as well as campaign for security awareness amongst employees and clients. While it is through that there is not so much that organizations can do in order to ensure that they upgrade their antivirus softwares or malware defenses, they can still do their part that at the very least their customers are armed with the necessary information they will need to protect themselves..

Detection of malicious activity does not need to be slow. If companies and organizations can approach and tackle these issues with a zero-trust mentality, seek to reduce the majority of third-party tags their systems utilize to the bare minimum as well as properly educate their users about the dangers they might be susceptible to and the necessary measures they can take to curb it, detection will be a lot faster and customer data will be a lot safer.



Rhett Greenhagen

“I am always ready to learn although I do not always like being taught.” — Winston Churchill