2017 can be dubbed the ‘Jubilant’ year for cybercriminals. No kidding.
Halfway through the year, we have already witnessed 3 major breaches that handicapped millions of systems and hindered the smooth functioning of more than 1000 companies in over 150 countries.
This, in addition to hundreds of other small-scale attacks, has proved one thing.
Cyber hackers are getting smarter by the clock and no one is safe. Neither multi-chain organizations nor round-the-corner shops.
The Breach Detection Gap (BDG), or dwell time, observed in these breaches is also pretty surprising.
According to media reports over the years, many breaches, small or big, go undetected for several months or even several years. Hackers might have been leaking sensitive data under your nose for years without you knowing a thing. Shocking, but true.
Is this valid for every case, though?
Let’s find out the answer.
The Average Dwell Time
According to the study published by FireEye, the average dwell time for a cyber breach globally is 146 days.
Almost 5 months. That is enough time for hackers to gather all the information they desire, stalk your transaction and bank details, and let the infection spread to hundreds or thousands of other systems and take their data as well. Gold, indeed.
This number is four times as high in Europe, the Middle East, and Africa, a.k.a. the EMEA region: 469 days, to be precise.
The average dwell time is also largely dependent on the industry involved. It has been noticed that financial services do better when breached (98 days) and the retail sector takes the longest to detect any anomaly (197 days).
If you think this is surprising, then know that the longest undetected breach at any organization lasted a whopping 2,982 days, i.e. more than 8 solid years.
While the numbers have improved significantly over the last few years (205 in 2014 and 227 in 2013), it can’t be said whether organizations today are actually prepared to divert a threat in real time.
Companies all around the globe constantly find themselves in a hard spot when it comes to cybersecurity. Whether it’s because the attacks are getting sneakier and more sophisticated by the day, or because they lack accurate tools and technologies that could help detect a breach better, there is a gap and it needs to be closed as soon as possible.
Another major factor is an organization’s inability to detect an internal breach on its own.
The same report by FireEye states that 69% of the companies around the globe get notified by a third party in the case of a cyber breach and only 31% of them discover it themselves. In fact, most of the time it was law enforcement that made them aware of their condition.
The extended dwell time actually makes sense now.
Combine all this with the strict cyber laws prevalent in some countries, which stress reporting data breaches, with all the details of discovery and management, within 72 hours of discovery.
How is an organization going to come forward and admit that it has been blind for months without damaging its reputation and financial status? Ah, the embarrassment!
Gaining your access back isn’t the main problem here. In many cases, you can reopen your account with some proof, but by then the hackers have already gotten past the credentials and compromised some amount of sensitive data.
Breach detection, hence, is a thousandfold more difficult than treating the breach.
Once the breach is caught, you can always engage a number of cybersecurity tools and secure your system once again. But the major challenge comes with the extended time frame in which the threat remains undetected. The attackers get a free pass to get in and stay in for months, causing varying degrees of irreparable damage.