FireEye Mandiant, less time to detect cyber attacks but problem remains

by time news

The time attackers spend inside compromised networks is falling, but although the data might suggest a new success against cybercriminals, in reality the ‘dwell time’ has contracted because ransomware attacks are increasing. In short, we spend less time discovering cyber attacks, but the problem remains. According to the report released by the cybersecurity company FireEye Mandiant, over the last ten years analysts have observed a constant decrease in global dwell time, which has fallen from over a year in 2011 to just 24 days in 2020.


This is, explains the report, now in its 12th edition, twice the speed of identification compared to last year’s report, when the global average dwell time was 56 days. Mandiant attributes this reduction “to the continuous development and improvement of organizational detection capabilities and response from organizations to address multiple extortion activities and ransomware intrusions.” Average dwell time varies by region: in the Americas it continues to decrease, and the average dwell time for internally detected incidents has dropped from 32 days to just 9. This is the first time a single-digit dwell time has been recorded, while the APAC and EMEA regions have seen an overall increase in average dwell time.

According to Mandiant, “this figure is due to the greater number of undetected intrusions in these regions and the fact that the dwell times in several cases were longer than 3 years.”

The report shows that the top five most affected sectors were commercial and professional services, retail & hospitality, finance, healthcare and high-tech. Mandiant noted that Retail & Hospitality companies were hit hardest in 2020, climbing the rankings to second place from eleventh the previous year. Healthcare also suffered a greater number of attacks, becoming the third most affected sector, up from eighth place last year. This increased attention from attackers is explained by the vital role the health sector played during the global pandemic.

“As organizations continue to improve their internal ability to detect compromises, being able to contain opponents presents entirely new challenges. The aftermath of the global pandemic has forced companies to rethink their operations with a remotely active workforce. This has meant that VPN infrastructures, video-conferences, collaboration platforms and file and material sharing platforms became indispensable and changed the surface and the perimeter of attack of organizations,” underlined Jurgen Kutscher, Executive Vice President, Service Delivery, Mandiant.

“In many cases, employees without adequate qualifications,” continues the manager, “have been suddenly transformed into managers of connectivity and cyber security. Companies that deal with Professional Services and Business Services have been among the top five sectors affected since 2016; we believe that the increase in corporate services necessary for carrying out remote work has made this sector the most affected, both by cyber criminals and through state-sponsored attacks, in 2020.”

“Extortion and ransomware are the most widespread threats to organizations,” warned Charles Carmakal, Senior Vice President and Chief Technology Officer, Mandiant. “In this year’s report,” he continues, “the motivation for at least 36% of the intrusions examined is financial. Data theft and resale of unauthorized access to victims’ networks remain high, and attackers who have carried out extortion and spread ransomware have targeted organizations that are most likely to pay large sums of ransom money. Organizations thus find themselves taking proactive actions to reduce the risk of a potential impact on their activities.”
