EDITOR’S QUESTION
WHAT STEPS CAN ORGANISATIONS TAKE TO PREVENT SECURITY BREACHES?
FireEye, the intelligence-led security company, has released the Mandiant M-Trends 2019 report, which shares statistics and insights gleaned from Mandiant investigations around the globe in 2018.
Key findings include:
• Dwell time decreasing as organisations improve detection capabilities – In 2017, the median duration between the start of an intrusion and the identification by an internal team was 57.5 days. In 2018 this duration decreased to 50.5 days. While organisations are getting better and faster at discovering breaches internally, rather than being notified by an outside source such as law enforcement, there is also a rise in disruptive, ransom, or otherwise immediately visible attacks. The global median dwell time before any detection, external or internal, has also decreased by more than a month – going from 101 days in 2017 to 78 days in 2018. The same measurement was as high as 416 days back in 2011.
• Nation-state threat actors are continuing to evolve and change. Through ongoing tracking of threat actors from North Korea, Russia, China, Iran and other countries, FireEye has observed these actors continually enhancing their capabilities, and changing their targets in alignment with their political and economic agendas. Significant investments have provided these actors with more sophisticated tactics, tools and procedures, with some becoming more aggressive, and others better at hiding and staying persistent for longer periods of time.
• Attackers are becoming increasingly persistent – FireEye data provides evidence that organisations which have been victims of a targeted compromise are likely to be targeted again. Global data from 2018 found that 64% of all FireEye managed detection and response customers who were previously Mandiant incident response clients were targeted again in the past 19 months by the same or similarly motivated attack group, up from 56% in 2017.
• Many attack vectors used to get to targets, including M&A activity. Attacker activity touches countries across the globe. Among them, FireEye observed an increase in compromises through phishing attacks during mergers and acquisitions (M&A) activity. Attackers are also targeting data in the cloud, including cloud providers, telecoms, and other service providers, in addition to re-targeting past victim organisations.
“In 2018, FireEye saw organisations respond faster to breaches than ever before, but we’ve also seen attackers become increasingly sophisticated as they adopt new methods,” said Jurgen Kutscher, Executive Vice President of Service Delivery at FireEye. “Our 2019 M-Trends report shows that no industry is safe from these threats, which is why it is positive to see breach response times improving across the board. However, most attackers only need a few days inside an organisation to cause costly damage so the battle on the front lines of cyberattacks will continue for the foreseeable future.”
www.intelligentcio.com