The time being taken to detect breaches has reduced year-on-year.
According to the M-trends report from FireEye, despite one organisation being breached for over eight years, the time it takes organisations to detect that they have been compromised has dropped to 205 days in 2014, down from 229 days in 2013 and 243 days in 2012
Yet the report said that it is becoming harder for organisations to detect that they have been breached, with only 31 per cent of organisations discovering that they were breached via their own resources; down from 33 per cent in 2013 and 37 per cent in 2012.
“As the events of 2014 demonstrated, there is no such thing as perfect security,” said Kevin Mandia, SVP and COO of FireEye. “Based on the incidents that Mandiant investigated in 2014, threat actors have continued to evolve, up their game, and utilise new tools and tactics to compromise organisations, steal data and cover their tracks.”
David Flower, managing director EMEA at Bit9 + Carbon Black, said: “According to Verizon’s Data Breach Investigations Report (DBIR), on average it takes 243 days for a data breach to be discovered, if it’s ever discovered at all. This means that many organisations may already have been breached and yet remain unawares, giving hackers free reign to move around and take what they want.”
The M-trends report also found that attackers are becoming smarter about hiding in the most complex parts of the operating system, with more attackers utilising several complex tactics including using Windows Management Instrumentation to avoid detection and carry out broad commands on a system.