Almost 66 percent of organizations learn about a breach after hearing about it from an external source, a new report said.
While companies are getting better at identifying targeted attacks on their own, it takes a company, on average, 243 days before discovering an attack, during which the criminals can freely roam their networks, according to the “M-Trends 2013: Attack the Security Gap” study from security firm Mandiant.
The report focuses on advanced persistent threats (APTs) which attackers use penetrate organizations and steal sensitive information. That number, though, dropped by 173 days compared to the previous year.
It’s interesting to note the use of outsourced service providers is also problematic for cyber security. Attackers are taking advantage of the relationship between the targeted company and outsourced business processes such as finance, accounting and HR.
To make their attacks more efficient, cybercriminals collect large quantities of data related to system administration guides, processing methodologies and network infrastructure. This allows them to navigate their victims’ networks faster.
While China always stands accused of cyber spying on the U.S., Mandiant did say the top three industries repeatedly targeted by the country are aerospace, energy and pharmaceuticals.
“We’ve seen first-hand that a sophisticated attacker can breach any network given enough time and determination,” said Grady Summers, vice president at Mandiant.
“It’s not enough for companies to ask ‘Are we secure?’ They need to be asking ‘How do we know we’re not compromised today? How would we know? What would we do about it if we were?’”