Cyberattack Discovery Time is Decreasing (But This Isn’t All Good News)
Research has revealed that cyberattacks are spending decreasing amounts of time on their targeted networks before they are discovered. While this may sound like a good thing—a faster discovery of a threat is better than a slower one, after all—this unfortunately is not the case.
Let’s explore this trend, and what it implies for your cybersecurity.
Understanding the Concept of Dwell Time
Dwell time is the term for the duration that a cyberattack is present on the network before it is detected. According to figures compiled by Mandiant, their researchers have found that the median dwell time around the world is 24 days. This number continues a decade-long trend of shortening dwell durations, with 2011 seeing a median dwell time of 416 days.
So, over the past ten years, the median dwell time has shrunk to about a fifth of what it once was.
On the surface, this sounds great… and it makes sense, too. Organizations are investing more into their cybersecurity, so their policies are better and they are simply more able to detect threats. Therefore, cyberattacks aren’t spending nearly as much time on a network before the infiltrated business becomes aware of them, so the damage they can do should be limited… right?
As much as we’d like to wrap this blog up right here and say “Right, and here are some best practices to follow…” we can’t. The situation is just a bit more complicated, and those complications are important.
The Shifting Threat Landscape Plays a Role
Here’s the thing: as the dwell time that cyberattacks spend on a network undetected has shrunk, the methodology behind the attacks—more specifically, the type of attacks commonly being used—has shifted. Nowadays, ransomware plays a much larger part, increasing from 14 percent in 2019 to 25 percent in 2020.
Ransomware (the malware that locks down a targeted system and demands payment to release it) has a much shorter dwell time than most other attacks. Taken as a group, other attack methods had a median dwell time of 45 days. Ransomware: just five. This difference is what contributed to the overall median dwell time of 24 days.
So, these shorter dwell times can be attributed to ransomware intrusions progressing to full-scale attacks much more quickly.
Ransomware Has Gotten Worse
Unfortunately, a business’ troubles don’t end there. In addition to these accelerating attacks, hackers have grown more aggressive. This has translated to higher ransom demands, as well as the unsettling development of so-called “multifaceted extortion”—where the attacker threatens to also publish the data they steal if payment isn’t made.
Other Attacks Are Still Prevalent, Too
Businesses still need to worry about other methods of attack as well. For instance, exploits (codes that take advantage of programming bugs or other vulnerabilities) have risen in popularity again as a way for an attacker to first get into a business’ network. They’re now seen in 29 percent of intrusions, as compared to phishing attacks and their 23 percent prevalence.
Other commonly used tools included misused tools meant to provide security teams with the resources needed to run their evaluations. These backdoors were found in 24 percent of incidents. Moreover, privately-developed malware—the kind that makes responding to a security incident more challenging—was seen in 78 percent of attacks.
This Is All Concerning, So Your Business Needs to Prepare Accordingly
How do you do that? Proactively, and keeping in mind that the modern threat landscape is just too diverse to be covered by a single, simple fix. The measures needed to respond to each are all very different.
If you’re finding this to be a lot to deal with, you aren’t alone—and you don’t have to be to attend to all this, either. Directive and our team of experts can help you ensure that your business’ network is fully secured and monitored against threats of all kinds. To find out more about what we can do, check out some of the services we offer and give us a call at 607.433.2200.