INTELLIGENT BRANDS // Enterprise Security
FireEye report finds organisations are faster at identifying attacker activity
FireEye, the intelligence-led security
company, has released the Mandiant
M-Trends 2019 report. The report
shares statistics and insights gleaned from
Mandiant investigations around the globe
in 2018.
Key findings include:
• Dwell time decreasing as
organisations improve detection
capabilities – In 2017, the median
duration between the start of an
intrusion and the identification by
an internal team was 57.5 days. In
2018, this duration decreased to
50.5 days. While organisations are
becoming more efficient in discovering
breaches internally, rather than being
notified by an outside source such as
law enforcement, there is also a rise
in disruptive, ransom, or otherwise
immediately visible attacks. The global
median dwell time before any detection,
external or internal, has also decreased
by more than a month – going from 101
days in 2017 to 78 days in 2018. The
same measurement was as high as 416
days back in 2011
• Nation-state threat actors are
continuing to evolve and change
– Through ongoing tracking of threat
actors from North Korea, Russia, China,
Iran and other countries, FireEye has
observed these actors continually
enhancing their capabilities and
changing their targets in alignment with
their political and economic agendas.
Significant investments have provided
these actors with more sophisticated
tactics, tools and procedures, with some
becoming more aggressive and others
better at hiding and staying persistent for
longer periods of time
• Attackers are becoming increasingly
persistent – FireEye data provides
evidence that organisations which have
been victims of a targeted compromise
are likely to be targeted again. Global
data from 2018 found that 64% of all
FireEye-managed detection and response
customers who were previously Mandiant
incident response clients were targeted
again in the past 19 months by the same
or similarly motivated attack group, up
from 56% in 2017
• Many attack vectors used to get to
targets, including M&A activity –
Attacker activity touches countries across
the globe. Among them, FireEye observed
an increase in compromises through
phishing attacks during mergers and
acquisitions (M&A) activity. Attackers
are also targeting data in the cloud,
including cloud providers, telecoms and
other service providers, in addition to
re-targeting past victim organisations
“In 2018, FireEye saw organisations
respond faster to breaches than ever before,
but we’ve also seen attackers become
increasingly sophisticated as they adopt new
methods,” said Jurgen Kutscher, Executive
Vice President of Service Delivery at FireEye.
“Our 2019 M-Trends report shows that no
industry is safe from these threats, which
is why it is positive to see breach response
times improving across the board. However,
most attackers only need a few days inside
an organisation to cause costly damage so
the battle on the front lines of cyber-attacks
will continue for the foreseeable future.”
INTELLIGENTCIO
www.intelligentcio.com