Finance sector remains chief target and repeat attacks the norm
Malicious actors sat in the networks of EMEA-based organisations’ networks a median of 175 days before being detected in 2017, according to FireEye’s annual M-Trends report, published today.
That’s up 40 percent year-on-year and significantly above figures for the US.
Stuart McKenzie, VP EMEA, Mandiant at FireEye, told Computer Business Review: “There are a number of factors that have increased the median dwell time and not all of them are negative. Firstly, we have noted an uptick in Government/Law Enforcement Agency notification programs. This has been focused on Advanced Persistent Threats, and has uncovered some historic attacks in organisations which have moved the number upwards.”
He added: “Additionally, we see organisations treat ransomware or destructive attacks such as NotPetya and Wannacry, for example, as incident response reviews and an opportunity to improve strategic defences as opposed to incident response. This has meant that many destructive attacks are no longer categorised as response – which was potentially skewing the numbers down.”
The finance sector remains the industry most targeted by hackers, FireEye said, with 24 percent of the company’s investigations in the EMEA region involving organisations from the finance sector, ahead of government (18 percent) and business and professional services (12 percent).
Crucially, the report suggests that most targets face repeated attacks by the same or similarly motivated groups.
Fifty one percent of all FireEye managed detection and response customers who came out of Mandiant incident response support were targeted again by the same or a similarly motivated attack group, with 49 percent of customers that had experienced at least one significant attack were successfully attacked again within the next year.
“In EMEA specifically, 40 percent of customers who had been affected by a serious breach had multiple significant attacks from multiple groups throughout the year”, the report noted, adding that the demand for skilled cyber security personnel is continuing to rapidly outpace supply, with industry research data by the National Initiative for Cybersecurity Education (NICE), and insights gained through FireEye engagements throughout 2017, point to the deficit getting worse over the next five years.