It is easy to dwell on the constant attacks, big and small, hitting manufacturers these days, but one positive is that companies are getting better at detecting breaches: the global median dwell time for an attack was down to 78 days, researchers said.
“That means attackers are operating for just under three months, on average, before they are detected,” according to FireEye’s 2019 M-Trends Report. “That is roughly a quarter of the global median dwell time of 101 days in last year’s report – a modest improvement.”
Last year, 31 percent of the compromises Mandiant investigated had dwell times of 30 days or less, compared to 28 percent of compromises in 2017. Twelve percent of 2018 investigations had dwell times greater than 700 days, down from 21 percent in 2017. We attribute the increase in compromises detected in under 30 days to more ransomware and cryptominer engagement overall, which are detected faster. Also, clients are generally improving data visibility through better tooling, which allows for faster responses, the report said.
In addition, 56 percent of FireEye managed detection and response customers who were previously Mandiant incident response clients were targets of at least one significant attack in the past 19 months by the same or similarly motivated attack group. In 2018, the number increased to 64 percent. The data further substantiates that if you have been breached once, you are more likely to be targeted again.
“Security has changed over the years, but from another perspective not much has changed,” researchers said. “Until core technology evolves beyond the familiar, the very essence of cybersecurity will likely remain the same: Threat actors from various nations with diverse motivations will target networks and systems around the globe, and defenders will have what often feels like an impossible task of keeping up with those threats, and doing everything they can – and that is required – to shut them down.”