The global median dwell time—the median time an attacker is in a target’s systems undetected—was 16 days last year, according to Mandiant. That’s down from 21 days in 2022, and it’s the lowest since Mandiant has been keeping track. “When we first started tracking this metric back in 2011, the dwell time was actually really high… 416 days,” Mandiant’s chief technology officer, Charles Carmakal, said in a video interview with Dark Reading. “So it’s getting a lot better.”
Carmakal noted that threat actors are moving more quickly, either causing disruption that organizations discover or notifying the organizations themselves that they have been hacked. But he also credited organizations with improvement in detecting attacks, in part by hiring more securities professionals and buying more technology products.
As Securities Boulevard points out, a surprising conclusion from the report was a decline in the prevalence of ransomware. Last year, 18% of global intrusions involved ransomware, down from 23% in 2021, according to Mandiant.
Remarkably, external entities notified organizations of breaches in 63% of incidents. That’s up from 47% in 2021 and near 2014 levels.
Another notable finding was how threat actors leverage data obtained through social engineering, underground markets and bribery. “These adversaries demonstrated a willingness to get personal with their targets, bullying and threatening many of them," according to the report.
In a speech at RSA Conference, Mandiant CEO Kevin Mandia outlined steps that organizations can take to avoid becoming victims, as Cybersecurity Dive reports. Institutional knowledge, multi-factor authentication and honeypots are just a few of his recommendations. He also suggested studying module logging, reporting risk to boards in a consistent way and identifying critical assets.