IT disaster recovery, cloud computing and information security news


Cyber threat ‘dwell time’ in small and mid-sized organizations explored

Infocyte has released its inaugural Threat and Incident Response Report, which found that despite sophisticated prevention security tools, small to mid-sized organizations continue to be especially vulnerable to long-lasting breaches because they cannot support the level of IT staffing traditionally required to run a comprehensive detection and response function.

Key findings include: 

  • Infocyte’s method for measuring threat dwell time produces results that depart significantly from other industry reports: dwell time varies greatly by the type of threat found (averages ranging from 43 to 869 days) and is a more significant problem for small and mid-sized organizations.
  • 22 percent of small and mid-market organizations’ networks have encountered a ransomware attack that bypassed their preventive security controls.
  • Fileless attacks using memory injection techniques are becoming common.
  • A majority of attack detections are being made with generic detectors like machine learning scores, making it more difficult to communicate risk or impact for organizations without the right analysis expertise.
  • Riskware (which includes unwanted applications, web trackers, and adware) is pervasive, and a correlation exists between organizations that struggle to control unwanted apps and low readiness to handle attacks when they do occur.

Dwell time explored

Infocyte’s report revealed that dwell time, the time between an attack penetrating a network’s defences and being discovered, remains a major problem for small and mid-sized organizations.

  • The average dwell time for confirmed, persistent malware (not including riskware) for the small and mid-sized organizations inspected was 798 days, far in excess of the reported dwell times for large enterprises.
  • Dwell time for modern attacks that include ransomware is much lower, averaging 43 days between infection by the initial trojan (often Trickbot or Emotet) and remediation, due to how ransomware informs the victim.
  • Infocyte discovered that the dwell time for riskware was much longer for small and mid-sized organizations, averaging 869 days.
