Average attacker dwell time nearly six months for EMEA, study shows

Firms in Europe, the Middle East and Africa take nearly six months to detect cyber attacks on average, a report reveals

The time taken by firms to detect breaches increased by 40% from 2016 to 175 days on average in 2017, according to the latest M-Trends report by security firm FireEye.

This dwell time for the Europe, Middle East and Africa (EMEA) region is also 74 days longer than the global average of 101 days, which is up from 99 days in 2016, according to the report, which is based on information gathered during investigations by FireEye’s security analysts in 2017.

The report attributes the increase in dwell time to the rise in the number and variety of attacks from multiple threat actors, a decrease in organisations using incident response to address destructive malware, an increase in notifications by law enforcement, and an increase in the discovery of existing compromises relating to industrial control systems (ICS).

However, the report indicates that organisations in the region have made progress in discovering breaches internally, rather than being notified by law enforcement or another outside source.

The EMEA median dwell time for internal detection was 24.5 days, down from 83 days in the previous year and below the global figure for internal detection of 57.5 days.

In 2017, 24% of investigations in EMEA by FireEye company Mandiant involved organisations from the finance sector, which made finance the most targeted sector, ahead of government (18%) and business and professional services (12%).

FireEye data also provides evidence that organisations that have been victims of a targeted compromise are likely to be targeted again. Global data from the past 19 months shows that 56% of all FireEye managed detection and response customers that came out of Mandiant incident response support were targeted again by the same, or a similarly motivated, attack group.

The findings also show that at least 49% of customers that had experienced at least one significant attack were successfully attacked again within a year. In EMEA specifically, 40% of customers that had been affected by a serious breach had multiple significant attacks from multiple groups throughout the year.

The demand for skilled cyber security personnel continues to rapidly outpace supply, adding to the existing skills shortage, the report showed. Industry research data by the National Initiative for Cybersecurity Education (NICE), and insights gained through FireEye engagements throughout 2017, point to the deficit getting worse over the next five years.

The main areas affected by the skills gap are visibility and detection, and incident response, the report found, saying that in both these disciplines a lack of expertise is causing a potentially costly delay in dealing with malicious activity.

“It is disappointing to see median dwell times increasing significantly in EMEA organisations, particularly with the GDPR [EU General Data Protection Regulation] deadline just around the corner,” said Stuart McKenzie, vice-president of Mandiant at FireEye.

“However, on the positive side, we have seen a growing number of historic threats uncovered this year that have been active for several hundred days. Detecting these long-lasting attacks is obviously a positive development, but it increases the dwell-time statistic.”
