Fraud Management & Cybercrime
Fraud Risk Management
Incident & Breach Response
Faster Detection Is Good News, But More Speed Still Needed, Mandiant Reports
“Dwell time,” which refers to how long hackers hang out in an organization’s network before being discovered, has historically been a key metric for expressing whether hack-attack victims are getting better at detecting intruders.
The longer attackers can spend in an organization’s network, the more chance they have to jump to systems, crack passwords, find and exfiltrate valuable data and maybe leave crypto-locking malware on systems.
The good news is that the average dwell time continues to decline, according to FireEye’s Mandiant incident response group. The bad news is that it declined, in part, due to ransomware attackers often quickly revealing themselves when corporate networks become crypto-locked and inaccessible.
Mandiant keeps a running tally of how long organizations that it assists take to detect a breach, as well as whether they self-detected the attack – thanks to internal teams independently finding it – or if they were alerted to the breach by an external event or third party, such as the FBI or another law enforcement agency.