EMEA organisations take 175 days to detect an attack

By Kirsten Doyle, ITWeb contributor.
Johannesburg, 09 Apr 2018
Criminals aren't happy with a single attack.

Businesses in the EMEA region are taking on average 175 days to detect a threat lurking on their networks, significantly longer than the 102 days of dwell time that the region reported the year before. Dwell time is the number of days an attacker is present on a victim's network, counted from the first evidence of compromise until detection.

Globally, however, not much has changed when it comes to detecting that a compromise has taken place: the report indicates that the median dwell time of 101 days is pretty much unchanged from the 99 days in 2017's report.

This was one of the findings of the FireEye company Mandiant's 'M-Trends 2018' report, based on Mandiant investigations into targeted attack activity conducted between 1 October 2016 and 30 September 2017.

Mandiant attributes this longer dwell time in EMEA to increased notification programmes by national law enforcement, which have discovered attacks dating back a significant period of time, many of which involved active attackers in the target environment at the time of notification.

Repeat attacks

The report also revealed that criminals aren't happy with a single attack, and are returning to the same targets, sometimes more than once. The report said that 56% of organisations that were targets of a significant attack in the last year and a half were targeted a second time in that period - a figure that is up from 38% five years ago.

In addition, it showed that 49% of those who fell victim to an additional attack were successfully attacked again within a year of the initial attack, and a whopping 86% who fell victim to additional 'significant' attacks were found to have more than one unique attacker active in their networks and systems.

According to Mandiant, a significant attack is attacker activity that might include data theft, compromised accounts, credential harvesting, lateral movement and spear phishing.

On the positive side, the report showed that organisations around the world are identifying attacker activity without the aid of an outside source, with 62% of breaches now detected internally.
