Organizations Globally Quicker Than Before at Identifying Attacker Activity: Mandiant M-Trends Report 2018
FireEye, the intelligence-led security company, today released the Mandiant M-Trends 2018 report. The report shares statistics and insights gleaned from Mandiant investigations around the globe in 2017.
The key findings include:
- Organizations which can detect breaches are doing so faster – In 2016, the median duration between the start of an intrusion and it being identified by an internal team was 80 days, but in 2017 it decreased to 57.5 days. This shows that organizations appear to be getting better at discovering breaches internally, rather than being notified by law enforcement or another outside source. The global median dwell time before any detection —external or internal— rose to 101 days in 2017, from 99 in 2016.
- Once a target, always a target – FireEye data provides evidence that organizations which have been victims of a targeted compromise are likely to be targeted again. Global data from the past 19 months found that 56 percent of all FireEye managed detection and response customers which received incident response support were targeted again by the same or a similarly motivated attack group. Findings also show that 49 percent of customers with at least one significant attack were successfully attacked again within one year.
- Cybersecurity skills gap, ‘the invisible risk’ – The demand for skilled cyber security personnel is continuing to rise, but the supply is not keeping pace. Industry research data by the National Initiative for Cybersecurity Education (NICE) and insights gained through FireEye engagements throughout 2017 point to the deficit getting worse over the next five years. These findings show that the main areas being affected by the skills gap are visibility and detection, and incident response. In both of these disciplines, a lack of expertise can cause costly delays in dealing with malicious activity.
“FireEye has seen organizations make gains in their response to breaches in some areas, such as their ability to detect intruders, but they still face a number of challenges,” said Chris Nutt, Managing Director of Mandiant at FireEye. “Many companies face campaigns waged by multiple threat actors in the aftermath of a compromise, and the skills shortage in cyber security makes these challenges even greater.”