Organizations are detecting and containing attacks faster since GDPR
For organizations in the EMEA region, the 'dwell time' between the start of a cyber intrusion and its identification has fallen from 177 days to 54 days since the introduction of GDPR.
A new report from FireEye Mandiant also shows a decrease in dwell time globally, down 28 percent since the previous report. Median dwell time for organizations that self-detected their incident is 30 days, a 40 percent decrease year on year.
But while internal dwell time has seen the greatest level of improvement, 12 percent of investigations still have dwell times of greater than 700 days.
2019 is the first time in four years in which external notifications, when an outside entity informs an organization that it has been compromised, exceeded internal detections. Median dwell time here is 141 days, down 23 percent on the previous figure.
FireEye believes this shift is potentially due to a variety of factors, such as increases in law enforcement and cyber security vendor notifications, changes in public disclosure requirements driven by legislation like GDPR, and compliance changes.
"FireEye Mandiant has seen organizations largely improving their level of cyber security sophistication, but combating the latest threats is still a huge challenge for them," says Jurgen Kutscher, executive vice president of service delivery at FireEye. "There are more active groups now than ever before and we’ve seen an aggressive expansion of their goals. Consequently, it's crucial for organizations to continue building and testing their defenses."
The report also shows that 70 percent of the malware samples identified in 2019 belong to one of the five most frequently seen families, which are based on open source tools with active development.
Of the attacks that FireEye Mandiant professionals responded to, 29 percent were likely motivated by direct financial gain. This includes extortion, ransom, card theft, and illicit transfers. The second most common (22 percent) was data theft likely in support of intellectual property or espionage end goals.
The full report is available from the FireEye site.