EMEA organizations not up to the challenge of stopping advanced threats; dwell time three times longer than global average
FireEye, Inc. (NASDAQ: FEYE), the leader at stopping today’s advanced cyber attacks, today announced the release of the first Mandiant® M-Trends® EMEA report. M-Trends EMEA drills down into the statistics collected during investigations conducted in EMEA by Mandiant’s leading consultants in 2015 and details leading cyber trends and tactics threat actors used to compromise businesses and steal data.
Some of the key findings include:
– Organizations in EMEA took three times longer to detect a compromise
The mean dwell time (time between compromise and detection) in the region was 469 days versus a global average of 146 days.
– EMEA businesses can’t rely on local agencies to notify them of a compromise
Only 12% of the observed compromises of organizations in EMEA were detected by an external source. This is a huge disparity with global figures, where external sources accounted for 53% of detections. Whilst, through necessity, EMEA organizations discovered breaches themselves 88% of the time, the EMEA average dwell time (469 days) would suggest this often came too late.
– Many organizations in EMEA were re-compromised within months of an initial breach
Unsuitable techniques to hunt for attacks within an environment often resulted in a failure to understand the true scope of the incident. Mandiant consultants found many EMEA organizations still opting for a traditional forensic methodology, only analysing a handful of machines, and subsequently increasing the risk of becoming re-compromised.
“With threat actors targeting EMEA organizations with a multitude of motives from strategic intelligence to media impact and brand damage, concerns around advanced cyber threats have swiftly spread from the IT department up to the boardroom,” said Bill Hau, Vice President of Mandiant Security Consulting Services, FireEye. “The majority of organizations need to move away from the traditional methodology of responding to incidents as otherwise the dwell time will not decrease at a fast enough rate. This, coupled with the fact that some EMEA governments are at various levels of maturity with their national CERT capabilities / mandate has resulted in businesses being under tremendous pressure to detect threats themselves and, according to our statistics, they simply have not been quick enough to do so. From our observations, there are clearly some stark contrasts between EMEA and the rest of the world, which boardrooms in the region need to address.”