APAC takes 520 days too long to respond to threats, says FireEye
New research has found that it is taking the entire Asia Pacific region much longer than the rest of the world to detect cyber threats: a median 520 days compared to a global median of just 146.
FireEye released its Mandiant M-Trends Asia Pacific report, which examines cyber threat data gained from Mandiant investigations last year.
“The median time between compromise and detection in the Asia Pacific region is more than 17 months, which is plenty of time for any attacker to push through with their objectives,” says Tim Wellsmore, director of threat intelligence and consulting at FireEye A/NZ.
What's more, some hacking tools have exclusively targeted organisations in the Asia Pacific region. Furthermore, a large 45% of security incidents come from internal sources.
“To put this into perspective, one of our ‘red teams’ can capture domain administrator credentials in an average of three days after gaining access to an environment. Once these credentials are obtained, it is just a matter of time until an attacker can find and steal just about any information they want," Wellsmore continues.
From the data, FireEye discovered that an average of 3.7GB of data was stolen in every organisation - and Wellsmore believes that even a few compromised machines are unacceptable.
“We consider this approach to be inadequate for enterprise-scale incidents. It is just too difficult to identify all of the compromised machines - efforts to address the threat are easily circumvented as attackers are tipped off and stay in the environment or quickly regain access," he says.
The research also found that most Asia-Pacific breaches are never disclosed as there are few effective laws in place for this.
“Unfortunately being unprepared for a breach is business as usual in Asia Pacific, and the region’s governments and boards need to address this further,” said Rob van der Ende, vice president for Mandiant Consulting, Asia Pacific and Japan at FireEye.
With Asia Pacific organisations simply unprepared with little to no basic response processes from attacks, the culture towards cybersecurity needs to change, FireEye says.
The research showed that while forensic investigations were somewhat common, they never solved the problem or eliminated the hackers. Instead, some organisations only made things worse by destroying evidence.
“To significantly improve, organisations must bring together the technology, threat intelligence and expertise necessary to quickly detect and respond to cyber attacks. Firms can benefit by embracing modern response techniques rather than legacy approaches, which often fail to find the attacker’s needle in the haystack," van Der Ende concludes.