
Cybercriminals are better at achieving their goals

by FutureCIO Editors
April 27, 2022
Photo by Tima Miroshnichenko from Pexels: https://www.pexels.com/photo/close-up-view-of-system-hacking-in-a-monitor-5380664/


In cybersecurity parlance, dwell time is the time between an attacker’s initial penetration of an organisation’s environment and the point at which the attacker is discovered. The average dwell time varies by industry and region. A 2019 Attivo survey puts this number at 100 days of undetected access within a network.

A Chubb report, Ignorance is Risk: Regional SME Cyber Preparedness Report 2019, revealed that for SMEs, the dwell time of non-ransomware attacks averages 798 days.

Dwell time drops to three weeks

According to Mandiant’s M-Trends 2022 report, the global median dwell time has dropped from 24 days in 2020 to 21 days in 2021.

The dwell time distribution for APAC reveals that 60% of intrusions had dwell times of 30 days or fewer, with 60% of these (36% of all APAC intrusions) detected in one week or less. At the other end of the spectrum, as in previous years, the dwell time distribution in APAC continues to show that several intrusions go undetected for extended periods of time.

Intrusion detection

In APAC, organisations are detecting intrusions quicker and external entities are notifying organisations of intrusions faster. Intrusions in APAC that were detected internally had a median dwell time of 22 days in 2021 compared to 33 days in 2020. The median dwell time for intrusions with an external notification source was 16 days in 2021 compared to 137 days in 2020—an 88% reduction.

Mandiant experts also observed that 13% of intrusions in APAC in 2021 had dwell times that exceeded three years.

Organisations’ improved threat visibility and response, as well as the pervasiveness of ransomware (which has a significantly lower median dwell time than non-ransomware intrusions), are likely driving factors behind the reduced median dwell time.

The report found that in APAC 76% of intrusions in 2021 were identified by external third parties, a reversal of what was observed in 2020.

Organisations in APAC have impressive detection capabilities. However, intrusions that go undetected initially can remain undetected, resulting in extensive dwell times when they are ultimately detected.

Additional takeaways

Infection Vector: For the second year in a row, exploits remained the most frequently identified initial infection vector. Of the incidents that Mandiant responded to during the reporting period, 37% started with the exploitation of a security vulnerability, as opposed to phishing, which accounted for only 11%. Supply chain compromises increased dramatically, from less than 1% in 2020 to 17% in 2021.

Target industries impacted: Business and professional services, and financial, were the top two industries targeted by adversaries (14% each), followed by healthcare (11%), retail and hospitality (10%) and tech and government (both at 9%).

New multifaceted extortion and ransomware TTPs: Mandiant observed multifaceted extortion and ransomware attackers using new tactics, techniques and procedures (TTPs) to deploy ransomware rapidly and efficiently throughout business environments, noting that the pervasive usage of virtualisation infrastructure in corporate environments has made it a prime target for ransomware attackers.

Ransomware was more prevalent in APAC in 2021 compared to previous years. Ransomware-related intrusions accounted for 38% of intrusions investigated in APAC in 2021 compared to 12.5% of intrusions in 2020 and 18% of intrusions in 2019.

This is in line with Mandiant’s observations that ransomware extortion gangs continue to thrive off a successful ransomware-as-a-service model and the various specialisations of threat actors across the attack lifecycle in the cyber-criminal underground.

APAC organisations should continue to remain vigilant of the latest developments in the ransomware extortion domain and work with trusted partners to validate the security of their systems.

Advisory

Jurgen Kutscher, executive vice president, service delivery at Mandiant, says that, considering the continued increased use of exploits as an initial compromise vector, organisations need to maintain focus on executing on security fundamentals, such as asset, risk and patch management.

He added that multifaceted extortion and ransomware continue to pose huge challenges for organisations of all sizes and across all industries, with this year’s M-Trends report noting a specific rise in attacks targeting virtualisation infrastructure.

“The key to building resilience lies in the preparation. Developing a robust preparedness plan and a well-documented and tested recovery process can help organisations successfully navigate an attack and quickly return to normal business operations,” concluded Kutscher.

Copyright © 2022 Cxociety Pte Ltd | Designed by Pixl