According to a new report, the time that the cyber criminals within the breached networks has decreased. This could be considered a positive development, as it shows that victims discover cyberattacks sooner and do not give time to hackers. But it seems that the increase in ransomware attacks plays a role.
FireEye Mandiant security investigators analyzed hundreds of cyber incidents and found that the average time spent on the networks - the time from the start of a breach to its detection - has been reduced to 24 days.
According to M-Trends 2021 Annual Threat Report, this means that incidents are detected twice as fast as last year, where the average stay was 56 days. About 10 years ago, organizations needed about a year to realize that cyber criminals had infiltrated their network.
The reduction in hackers 'downtime is due in part to most of the organisms' detection and response capabilities, but the researchers noted that increasing ransomware attacks has also played a role.
Ransomware attacks are one of the biggest threats in cyberspace. Criminals break into networks, encrypt them, and then demand ransom from victims, usually in Bitcoin.
These cyberattacks are extremely lucrative for criminals. Victims realize that they have been attacked when they see that their network is encrypted and receive a ransom note from the hackers.
One of the main advantages of ransomware attacks is that they can offer a lot of money to criminals, in a relatively short time. Once they violate all the required data in the network, they infect the network with ransomware. There is no reason to wait. Thus, they stay for a short time in the networks.
Ransomware attacks are extremely successful and will surely keep security researchers busy for a long time to come.
However, it is not the only threat facing organizations. Phishing and other malware are also very common.
It is good that organizations are able to detect cyberattacks faster in cyberspace. But the best way to protect an organization is detecting and preventing the attack before the network is compromised.
FireEye Mandiant researchers suggest some basic security principles, including regular system updates, so that criminals cannot take advantage of known vulnerabilities.