Organisations around globe becoming better at detecting breaches: Report
FireEye, Inc., the leader at stopping today's advanced cyber attacks, recently released the Mandiant M-Trends 2017 report.
The report shares statistics and insights gleaned from Mandiant investigations around the globe in 2016, as well as specific to the EMEA and APAC regions.
Additionally, they have included insights from their FireEye as a Service (FaaS) teams for the second consecutive year.
Some of the key points include:
Organisations around the globe are becoming better at identifying breaches. The global median time from compromise to discovery has dropped significantly from 146 days in 2015 to 79.5 days in 2016.
We're seeing a much higher degree of sophistication from attackers than ever before. Nation-states continue to set a high bar for sophisticated cyber attacks, but some financial threat actors have caught up. Financial attackers have improved their tactics, techniques and procedures to the point where they have become difficult to detect and challenging to investigate and remediate.
An unexpected trend observed in 2016 is attackers calling targets on the phone. They did this to convince victims to enable macros in a phishing document, or to get targets to provide a personal email address in order to circumvent controls protecting corporate accounts.
They observed that defensive capabilities have been slow to evolve. A majority of both victim organisations and those working diligently on defensive improvements are still lacking fundamental security controls and capabilities to either prevent breaches or to minimise the damages and consequences of an inevitable compromise.
Organisations must adopt a posture of continuous cyber security, risk evaluation and defensive adaptation. If not, they stand to face significant gaps in both fundamental security controls and - more critically - visibility and detection of targeted attacks.