Cyberattacks are spending less time on their victims’ networks before they are discovered, which sounds like good news, but the reality isn’t so straightforward. Let’s take a few moments and dig into the situation at hand, and what it means for your cybersecurity.
To appreciate these statistics, it is important to understand the concept of dwell time: the length of time that a cyberattack is present on a network before it is detected. According to recent stats from Mandiant, the average median dwell time worldwide is approximately 24 days. This number is the latest in a decade-long decrease in dwell times, down from a median time of 416 days in 2011.
So, from these numbers, we can see that the median dwell time is about a fifth as long as it was a decade ago. Sounds good, right?
After all, this suggests that the investments organizations are making into their security are paying off, and their policies and detection capabilities have improved as a result. So, since cyberattacks are being discovered more quickly, they shouldn’t be able to do as much damage…
...at least, that’s what we’d like to say.
Unfortunately, how cyberattacks are commonly carried out in recent years has changed. Ransomware has risen in popularity to play a role in many more attacks than it once did. Between 2019 and 2020, its presence in cyberattacks rose from 14 percent to 25 percent.
As the malware that takes your data hostage in demand of payment, it makes sense that ransomware would have a naturally shorter dwell time than other forms of attack. Taking ransomware out of the equation, the median dwell time amongst other cyberattacks was 45 days. Ransomware on its own: five. This value is what made the median dwell time the skewed 24 days that we see.
So, these shorter dwell times are directly tied to ransomware intrusions becoming infamous full-scale attacks so quickly.
On top of these attacks, the cybercriminals who use them are also using them more aggressively. Higher ransom demands have become common, as well as something called multifaceted extortion—where an attacker doubles-down on their threat and says they’ll publish the stolen data if they aren’t paid.
This isn’t the end of a business’ problems, either, as other means of attack are still being used. Consider exploits, or malicious codes that leverage the bugs or vulnerabilities present in a software’s programming, which have seen a resurgence as an attack vector. Phishing is currently featured in 23 percent of network intrusions, while exploits currently appear in 29 percent. 24 percent of incidents saw the cybercriminal using backdoors, or tools developed by security teams to help them run breach simulations. On top of all this, the notoriously more challenging to address malware titles that have been privately developed were present in 78 percent of attacks.
In order to protect your business from this variety of threats, you need to use a variety of solutions.
If this seems like a lot for your company to handle, you’re right. However, you don’t need to take care of it single-handedly. Our team here at Zinc can help. To learn more about the protections that we can use to reinforce your IT security, give us a call at (713) 979-2090.
About the author
Zinc has been serving the Texas area since 2017, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.
Comments