Story image

175 days to detect a network intruder in EMEA - just 77 in US

07 Apr 18

A new study has emerged from FireEye that reveals US businesses are significantly more security savvy than their European counterparts when it comes to intruder detection.

FireEye’s M-Trends 2018 report found that organisations in Europe, the Middle East and Africa (EMEA) are taking 175 days (equating to nearly six months) to actually detect an intruder in their networks, giving said cybercriminal plenty of time to wreak havoc.

When compared to the findings from FireEye’s same survey last year, the median dwell time before detection in EMEA was a substantially lower figure of 102 days. In contrast, the median dwell time in the US is only 76 days, improving from 99 in 2016.

However, Asia Pacific (APAC) blows every region out of the park by a country mile after the report found the area’s median dwell time to be a staggering 489 days, soaring from 172 days in 2016.

FireEye says these findings are of particular concern when you take into consideration that GDPR is just around the corner with more severe breach disclosure guidelines and fines of €20 million or four percent of global turnover, whatever is the higher of the two.

High-Tech Bridge CEO Ilia Kolochenko says he is not surprised by the figures that EMEA appears to be far less equipped in terms of threat detection, as compared to other countries the US has always pioneered the cybersecurity industry with the highest budgets and willingness to invest into disruptive information security technologies.

“Technically speaking, these alarming numbers reflect the reality, however, I don’t see any reason for panic. Numerous previous reports have stated even longer breach detection periods and more disastrous unpreparedness of the victims,” says Kolochenko.

“Additionally, many of the detected security incidents impact a very limited number of external stakeholders (e.g. clients or other third-parties) or are inconsequential in terms of negative outcomes for the victims.”

Kolochenko says the findings should be viewed with a ‘glass half full’ perspective.

“Nowadays, the majority of large companies have a great wealth of unprotected Shadow IT systems that are continuously breached as organizations are not even aware of their existence. But the "crown jewels" systems are usually well protected and isolated,” says Kolochenko.

“A rise in machine learning solutions, capable of proactively detecting various anomalies, will greatly reduce breach detection time if properly installed and configured. Emerging cyber deception systems, will also help to identify intrusions in a timely manner. Therefore, I rather see a positive trend and new exciting opportunities for the market.”

The report from FireEye uncovered a number of further findings, including that cybercriminals often can’t resist a second attack – 56 percent of organisations around the world that received incident response support were then attacked again by the same or similarly motivated attack group.

Disruption in the supply chain: Why IT resilience is a collective responsibility
"A truly resilient organisation will invest in building strong relationships while the sun shines so they can draw on goodwill when it rains."
Businesses too slow on attack detection – CrowdStrike
The 2018 CrowdStrike Services Cyber Intrusion Casebook reveals IR strategies, lessons learned, and trends derived from more than 200 cases.
What disaster recovery will look like in 2019
“With nearly half of all businesses experiencing an unrecoverable data event in the last three years, current backup solutions are no longer fit for purpose."
Proofpoint launches feature to identify most targeted users
“One of the largest security industry misconceptions is that most cyberattacks target top executives and management.”
McAfee named Leader in Magic Quadrant an eighth time
The company has been once again named as a Leader in the Gartner Magic Quadrant for Security Information and Event Management.
Symantec and Fortinet partner for integration
The partnership will deliver essential security controls across endpoint, network, and cloud environments.
Is Supermicro innocent? 3rd party test finds no malicious hardware
One of the larger scandals within IT circles took place this year with Bloomberg firing shots at Supermicro - now Supermicro is firing back.
25% of malicious emails still make it through to recipients
Popular email security programmes may fail to detect as much as 25% of all emails with malicious or dangerous attachments, a study from Mimecast says.