175 days to detect a network intruder in EMEA - just 77 in US
A new study has emerged from FireEye that reveals US businesses are significantly more security savvy than their European counterparts when it comes to intruder detection.
FireEye’s M-Trends 2018 report found that organisations in Europe, the Middle East and Africa (EMEA) are taking 175 days (equating to nearly six months) to actually detect an intruder in their networks, giving said cybercriminal plenty of time to wreak havoc.
When compared to the findings from FireEye’s same survey last year, the median dwell time before detection in EMEA was a substantially lower figure of 102 days. In contrast, the median dwell time in the US is only 76 days, improving from 99 in 2016.
However, Asia Pacific (APAC) blows every region out of the park by a country mile after the report found the area’s median dwell time to be a staggering 489 days, soaring from 172 days in 2016.
FireEye says these findings are of particular concern when you take into consideration that GDPR is just around the corner with more severe breach disclosure guidelines and fines of €20 million or four percent of global turnover, whatever is the higher of the two.
High-Tech Bridge CEO Ilia Kolochenko says he is not surprised by the figures that EMEA appears to be far less equipped in terms of threat detection, as compared to other countries the US has always pioneered the cybersecurity industry with the highest budgets and willingness to invest into disruptive information security technologies.
“Technically speaking, these alarming numbers reflect the reality, however, I don’t see any reason for panic. Numerous previous reports have stated even longer breach detection periods and more disastrous unpreparedness of the victims,” says Kolochenko.
“Additionally, many of the detected security incidents impact a very limited number of external stakeholders (e.g. clients or other third-parties) or are inconsequential in terms of negative outcomes for the victims.”
Kolochenko says the findings should be viewed with a ‘glass half full’ perspective.
“Nowadays, the majority of large companies have a great wealth of unprotected Shadow IT systems that are continuously breached as organizations are not even aware of their existence. But the "crown jewels" systems are usually well protected and isolated,” says Kolochenko.
“A rise in machine learning solutions, capable of proactively detecting various anomalies, will greatly reduce breach detection time if properly installed and configured. Emerging cyber deception systems, will also help to identify intrusions in a timely manner. Therefore, I rather see a positive trend and new exciting opportunities for the market.”
The report from FireEye uncovered a number of further findings, including that cybercriminals often can’t resist a second attack – 56 percent of organisations around the world that received incident response support were then attacked again by the same or similarly motivated attack group.