Businesses get better at detecting cyber intrusions

The latest Mandiant M-Trends report from intelligence-led security company FireEye finds that businesses are getting better at dealing with cyber intrusions.

The median dwell time -- the time between the start of a cyber intrusion and when it’s identified -- has come down from over a year in 2011 to just 24 days in 2020 and has more than halved from 2019's median dwell time of 56 days.

In addition more organizations are detecting their own incidents. Internal incident detection rose to 59 percent in 2020, a 12-point increase compared to 2019.

Among other findings organizations in the retail and hospitality industry were targeted more heavily in 2020 -- coming in as the second most targeted industry compared to 11th in last year's report. Healthcare also rose significantly, becoming the third most targeted industry in 2020, compared to eighth in last year's report. This increased focus by threat actors can most likely be explained by the vital role the healthcare sector has played during the global pandemic.

"Multifaceted extortion and ransomware are the most prevalent threats to organizations. In this year's report, direct financial gain was the likely motive for at least 36 percent of the intrusions we investigated," says Charles Carmakal, senior vice president and chief technology officer of FireEye's Mandiant threat intelligence operation. "Data theft and reselling of unauthorized access to victim organizations remain high as multifaceted extortion and ransomware actors have trended away from purely opportunistic campaigns in favor of targeting organizations that are more likely to pay large extortion demands. Given this surge, organizations must take proactive action to mitigate the potential impact."

The full report is available from the FireEye site.

Image credit: alphaspirit/Shutterstock