175 days to detect a network intruder in EMEA - just 77 in US

07 Apr 2018

A new study has emerged from FireEye that reveals US businesses are significantly more security savvy than their European counterparts when it comes to intruder detection.

FireEye’s M-Trends 2018 report found that organisations in Europe, the Middle East and Africa (EMEA) are taking 175 days (equating to nearly six months) to actually detect an intruder in their networks, giving said cybercriminal plenty of time to wreak havoc.

In last year's edition of the same FireEye survey, the median dwell time before detection in EMEA was substantially lower, at 102 days. In contrast, the median dwell time in the US is only 76 days, improving from 99 in 2016.

However, Asia Pacific (APAC) trails every other region by a country mile: the report found the area’s median dwell time to be a staggering 489 days, soaring from 172 days in 2016.

FireEye says these findings are of particular concern given that GDPR is just around the corner, with more severe breach disclosure guidelines and fines of €20 million or four percent of global turnover, whichever is higher.

High-Tech Bridge CEO Ilia Kolochenko says he is not surprised by figures suggesting that EMEA is far less equipped in terms of threat detection, as the US, compared to other countries, has always pioneered the cybersecurity industry with the highest budgets and a willingness to invest in disruptive information security technologies.

“Technically speaking, these alarming numbers reflect the reality, however, I don’t see any reason for panic. Numerous previous reports have stated even longer breach detection periods and more disastrous unpreparedness of the victims,” says Kolochenko.

“Additionally, many of the detected security incidents impact a very limited number of external stakeholders (e.g. clients or other third-parties) or are inconsequential in terms of negative outcomes for the victims.”

Kolochenko says the findings should be viewed with a ‘glass half full’ perspective.

“Nowadays, the majority of large companies have a great wealth of unprotected Shadow IT systems that are continuously breached as organizations are not even aware of their existence. But the "crown jewels" systems are usually well protected and isolated,” says Kolochenko.

“A rise in machine learning solutions, capable of proactively detecting various anomalies, will greatly reduce breach detection time if properly installed and configured. Emerging cyber deception systems will also help to identify intrusions in a timely manner. Therefore, I rather see a positive trend and new exciting opportunities for the market.”

The report from FireEye uncovered a number of further findings, including that cybercriminals often can’t resist a second attack – 56 percent of organisations around the world that received incident response support were then attacked again by the same or similarly motivated attack group.
