A dangerous game of hide and seek
While a cyberattack is never good news for a business or its stakeholders, the recent spate of high-profile cybersecurity breaches dominating mainstream news should be a good reminder to businesses of all sizes that they need to take security seriously.
These latest attacks have targeted large businesses with huge customer bases, however that doesn't mean that small businesses are immune from the same fate. Quite the contrary. A recent report by Sophos shows that cybercrooks are hiding (or dwelling) in the networks of smaller businesses for much longer than their larger counterparts before security teams uncovered their presence and booted them out. For example, in businesses with less than 250 staff, attackers had an average dwell time of more than seven weeks. For bigger organisations with more than 3000 employees, the dwell time was just under three weeks.
Longer dwell times may reflect the involvement of an Initial Access Broker (IAB). For smaller businesses or industry sectors such as education (with an average intruder dwell time 34 days), the longer dwell times also reflect how hard it can be for in-house IT security staff to proactively hunt for, investigate, and respond to suspicious alerts and potential threats.
With an increase in dwell time, comes an increase in time hackers have access to organisational data. This has the potential for disastrous consequences for the business. To reduce dwell time, organisations need to ensure they are implementing a combination of human and technological solutions – effectively setting up a game of digital hide and seek.
Hackers are hiding, you're seeking
2021 saw an increase in dwell time for hackers by a third from 2020. Intruders are now averaging more than two weeks of undetected infiltration in networks as the median average of dwell time rose from 11 days to 15. However, it is not carnage from day 1-15 for organisations. On average, there is a four-day interval from data exfiltration and ransomware deployment.
As ransomware attacks look to be efficient and quick, it only makes sense dwell time will remain shorter. When excluding ransomware attacks from the investigation, dwell time rises to more than a month, as adversaries remain undetected for a median dwell time of 34 days. Considering this, and the fact almost half of attacks (47%) began with an exploited vulnerability, its implied that many organisations are not remaining proactive in scanning for threats and vulnerabilities. Organisations of all sizes can be hit by cyberattacks, so it is important organisations understand the necessity of looking for hidden cyber threats.
The smaller the room, the longer the hiding spot?
Cybercriminals have found their most success with smaller businesses, as growing businesses focus time and resources into priorities other than cybersecurity. Cybercriminals that are able to infiltrate, steal and encrypt data for more than 50 days can lead to devastating consequences for growing businesses, as Sophos found 60% of small and medium sized businesses shut down within the next six months after a cyberattack.
How to stop the game before it begins
The notion that an organisation won't be targeted by an cyberattack, no longer exists. It is becoming increasingly common that every organisation is the target of multiple attacks. To combat the evolving threats and rising dwell times, organisations must not only invest in cybersecurity that lets them be proactive and resilient, but they should also instil good cybersecurity practises such as:
- Proactive scanning: Organisations can mitigate the damage from hidden threats by constantly monitoring and investigating suspicious activity. By further running tests on their cybersecurity software, organisations can detect and patch vulnerabilities before they are discovered by adversaries.
- Installing cyber resilience solutions: Organisations can bolster their cybersecurity and reduce dwell time within their systems through threat detection and response solutions offered as a service. Solutions such as Sophos Managed Detection and Response provide organisations with 24/7 threat hunting, detection and responses from dedicated cybersecurity experts. This provides the organisation with peace of mind that even when they can't internally scan for threats, a team of professionals are still on the hunt for them.
- Education: Employees are not expected to be cybersecurity experts. However, organisations that implement cybersecurity awareness training and education can arm their employees to be cybersecurity gatekeepers. By understanding the principles of cybersecurity, what to protect, how to protect it, how to notice irregular activity or identify a phish, employees can help reduce the risk of an attack.
Let hide and seek remain a children's game
Cyber threats will continue to evolve in complexity and prevalence and, therefore the onus is on organisations to stay one step ahead. Organisations that implement a balance of technological solutions backed up by human surveillance to create a holistic cybersecurity environment will be best placed to fortify their business to reduce the dwell times of hidden adversaries.