Cyber threat ‘dwell time’ in small and mid-sized organizations explored
- Published: Tuesday, 16 July 2019 12:55
Infocyte has released its inaugural Threat and Incident Response Report, which found that despite sophisticated prevention security tools, small to mid-sized organizations continue to be especially vulnerable to long lasting breaches due to their inability to support the level of IT staffing traditionally required to run a comprehensive detection and response function.
Key findings include:
- Infocyte’s method for measuring threat dwell time shows a significant departure from other industry reports; varying greatly by the type of threat found (averages ranging from 43 to 869 days) and a more significant problem for small and mid-sized organizations.
- 22 percent of small and mid-market organizations’ networks have encountered a ransomware attack that bypassed their preventive security controls.
- Fileless attacks using memory injection techniques are becoming common.
- A majority of attack detections are being made with generic detectors like machine learning scores, making it more difficult to communicate risk or impact for organizations without the right analysis expertise.
- Riskware (includes unwanted applications, web trackers, and adware) is pervasive but a correlation exists between organizations that struggle with controlling unwanted apps and low readiness to handle the attacks when they do occur.
Dwell time explored
Infocyte’s report revealed that dwell time, the time between an attack penetrating a network’s defences / defences and being discovered, remains a major problem for small and mid-sized organizations.
- The average dwell time for confirmed, persistent malware (not including riskware) for the small and mid-sized organizations inspected was 798 days, far in excess of the reported dwell times for large enterprises.
- Dwell time for modern attacks that include ransomware are much lower: averaging 43 days between infection of the initial trojan (often Trickbot or Emotet) and remediation due to how ransomware informs the victim.
- Infocyte discovered that the dwell time for riskware was much longer for small and mid-sized organizations, averaging 869 days of dwell time.