Report: Advanced Cyberattacks Can Remain Undetected for 229 Days on Average

Cybersecurity firm Mandiant has released its fifth annual M-Trends report, called Beyond the Breach. The report can be downloaded for free after a brief registration (link below).

According to a Silicon Republic article, the report highlights increased activity by Iran-based hackers who are looking for vulnerabilities in energy and government bodies. The report also compares cyberattack detection times and organizations’ abilities to detect breaches.

One of the biggest discoveries of the report is that on average, advanced cyberattacks can remain undetected for 229 days. This is a statistic for 2013, a drop from the 243 days of 2012.

Though this isn’t a huge difference, compared to 2011’s average 416 days, it’s significant. This is just an average, however. Sometimes, attacks can go undetected for years. According to the Silicon Republic article, the longest time an attacker was active before being detected in 2013 was six years and three months.

The report also found that organizations still need to improve their ability to detect breaches. According to the article, 37% of organizations detected breaches on their own in 2012. In 2013, that number dropped to 33%.

As we know, cyberattacks are becoming more and more prevalent. Beyond the Breach has found this is true in political conflicts too.

The Silicon Republic article said, “Mandiant warned that suspected Iran-based threat actors conduct reconnaissance on the energy sector and state government. Multiple investigations at energy-sector companies and state government agencies of suspected Iran-based network reconnaissance activity indicates that threat actors are actively engaging in surveillance activities. While these suspected Iran-based actors appear less capable than other nation-state actors, nothing stands in the way of them testing and improving their capabilities.”

The Mandiant M-Trends report can be downloaded for free after a brief registration here:
For the original article, click here: