Detecting cyber attackers – how long does it take?

Hacker typing on a laptopWhile awareness of cyber risks is growing, a large proportion of companies still believe they are immune to cyber attacks and data breaches.

However incredible it may sound, the fact that a company hasn’t noticed a breach doesn’t mean that it hasn’t been breached. Mandiant’s new M-Trends report (M-Trends 2015: A View from the Front Lines) reveals daunting statistics about the discovery of data breaches that should remove any complacency and urge action.

How long do criminals spend undetected on a victim’s network?

In 2014, it took organisations a median of 205 days to detect attackers in their network environments. Although this is an improvement on 2013, when organisations took a medium of 229 days, the process still takes far too long according to the report.

The longest undetected presence on a hacked system was a shocking 2,982 days.

With increasing pressure on organisations to disclose not only data breaches, but also details about the attacks, imagine the embarrassment, reputational damage and financial implications of admitting that your systems were breached months ago without you even noticing.

How are compromises detected?

Nearly 70% of breached organisations were notified of incidents by an “outside entity”. In many cases, the notifying parties were law enforcement.

The Mandiant report provides a case study of a retailer that only learned of the ongoing breach in its environment after being notified by US authorities. By then, the attacker – who remotely accessed the victim’s system with valid credentials – had compromised millions of credit cards over a three-month period.

Which attacks are working?

While the nature of attacks varies, phishing attacks are extremely effective. Cyber criminals have become more sophisticated in targeting their victims and using messages that have a greater chance of success.

According to the Mandiant report, 78% of observed phishing emails were IT- or security-related, “often attempting to impersonate the targeted company’s IT department or an anti-virus vendor”.

72% of phishing emails were sent on weekdays.

Now is the time to improve staff awareness of cyber security and phishing attacks.

Getting ahead of cyber criminals

The only way to truly know how secure you are is to conduct an assessment or series of tests, often called a penetration test.

Penetration testing consists of testing an organisation’s current security posture using the same methods and techniques that actual attackers use in the wild. These tests are often scenario-based and they attempt to assess the impact of various threats.

Penetration tests are a core practice in best-practice security standards such as ISO 27001 and the PCI DSS.

IT Governance’s head of technical services, Geraint Williams, recently gave a detailed explanation of why penetration testing is necessary.

IT Governance provides fixed-price CREST-accredited testing services that can be deployed by any organisation looking for better protection.

Pen Testing Guides

Share now…

Share on Twitter Share on Facebook Share on LinkedIn