A recent report by Cyber Security Company Mandiant has revealed that EU companies take on average 3 times longer than the rest of the world to detect a compromise by attackers in their systems.
The year long investigation showed that the average detection time for European companies is 469 days compared to 146 days globally.
Being able to infiltrate and operate in a network for a longer period of time means that cyber criminals are able to take more time to target specific / the most private and valuable data, achieve multiple attack goals and to steal larger amounts of data.
For example, the Mandiant Report showed that attacks on European companies meant that cyber criminals were able to steal an average of a massive 2.6 GB data.
It is likely that experienced cyber attackers can obtain the vital domain ‘Administrator’ details / credentials within the first few days of the attack, thus giving them ample time and opportunities to progress the attack the longer that they remain undetected.
The large amount of time that attackers can access a system for (i.e. a large ‘dwell time’) in the case of European attacks also means that attackers can use multiple user and administrator accounts to make sure that they achieve their aims.
Spending a long time in a breached system also means that attackers can learn a lot about it. This may help account for Mandiant’s discovery that in breach investigations for the European region in the past year many organisations were found to have been re-compromised within months of an initial breach.
The reasons why cyber attacks on European businesses are taking too long to be discovered include:
- Compared to the U.S. for example there is very little proactive threat hunting by European companies. Many European companies have a ‘defensive architecture’ where they wait to be attacked before acting rather than hunting for threats and attackers.
- Agencies in the European region lack visibility into what is actually happening and / or have no mandate to notify organisations if they have been compromised because that is often not their purpose.
- European companies rely too heavily upon local government and law enforcement agencies for a notification of a compromise, rather than adopting the more successful approach of using external sources. Government and law enforcement agencies are often slower than external agencies at keeping up with the fast pace of developments in the evolving cyber threat landscape.
What Does This Mean For Your Business?
The results of the report help to illustrate the need for a far more proactive approach in European companies when it comes to threat detection.
Detecting a cyber attack early on can make a real difference in limiting the losses, and reducing the likelihood of being quickly re-compromised after recovering from the breach. Relying on law enforcement agencies and the government e.g. using the Cyber Essentials Scheme can help with basic protection but may not be enough in today’s environment. Professional help from external sources e.g. professional cyber security services could help your business to set up a more proactive and effective defence against evolving multiple cyber threats.