Nation-State Attacks Take 500% Longer to Find

[steven36]

When it comes to threats that put your business at risk, gaining visibility into attacks remains a challenge. New research shows that in 50% of cases over the past 12 months, organizations had insufficient endpoint or network visibility to respond successfully.

 

 

According to cybersecurity specialist Secureworks’ Incident Response Insights Report, which is based on the analysis of real-world attacks, there has been increasing complexity when it comes to nation-state efforts. As a result, these take 500% longer to find.

 

Meanwhile, the top three industries most impacted by targeted cyber-threats were manufacturing, technology and government. On average, these targeted threats remained undetected in an organization’s IT networks for 380 days. In fact, Incident Response responders frequently encountered threat actors who had access to compromised environments for months, sometimes even years.

 

Meanwhile, financially motivated criminal activity far outweighs government-sponsored threat actors and insider threats, with 83% of attacks being financially motivated.

 

Phishing continues to be hackers’ favorite method for gaining access into organizations. About 40% of the incidents Secureworks conducted began with a phishing email.

 

On the defensive front, patching remains an issue, and lapses were a consistent theme in 2017 response engagements. While patching guidance and best practices are plentiful, the practicalities of applying patches to all affected assets, as soon as they become available, is rarely a straightforward exercise. Patching is often de-prioritized due to concerns about business continuity, for example. However, there is compelling evidence for getting it done.

 

“In almost every case where software vulnerabilities were exploited by an adversary to gain access to a network or system, the vendor had released security patches for those vulnerabilities months beforehand,” said Don Smith, senior director, Cyber Intel Cell and EMEA Lead, for the Secureworks's Counter Threat Unit (CTU).

 

When it comes to threats that put your business at risk, gaining visibility into attacks remains a challenge. New research shows that in 50% of cases over the past 12 months, organizations had insufficient endpoint or network visibility to respond successfully.

 

According to cybersecurity specialist Secureworks’ Incident Response Insights Report, which is based on the analysis of real-world attacks, there has been increasing complexity when it comes to nation-state efforts. As a result, these take 500% longer to find.

 

Meanwhile, the top three industries most impacted by targeted cyber-threats were manufacturing, technology and government. On average, these targeted threats remained undetected in an organization’s IT networks for 380 days. In fact, Incident responders frequently encountered threat actors who had access to compromised environments for months, sometimes even years.

 

Meanwhile, financially-motivated criminal activity far outweighs government-sponsored threat actors and insider threats, with 83% of attacks being financially motivated.

 

Phishing continues to be a hackers’ favorite method for gaining access into organizations. About 40% of the incidents Secureworks conducted began with a phishing email.

 

On the defensive front, patching remains an issue, and lapses were a consistent theme in 2017 response engagements. While patching guidance and best practices are plentiful, the practicalities of applying patches to all affected assets, as soon as they become available, is rarely a straightforward exercise. Patching is often de-prioritized due to concerns about business continuity, for example. However, there is compelling evidence for getting it done.

 

“In almost every case where software vulnerabilities were exploited by an adversary to gain access to a network or system, the vendor had released security patches for those vulnerabilities months beforehand,” said Don Smith, senior director Cyber Intel Cell and EMEA Lead for the Secureworks' Counter Threat Unit (CTU).

 

Source