There are two ticking clocks with every cyberattack—time to detect and time to respond, and every second counts when an adversary is in the environment.
If time to detect lags, the hacker can map the affected organization’s system, figure out where the most valuable data resides, and attack from within at their leisure. Time to respond is the action part, where the breach is contained and remediated.
Real-life examples abound. Microsoft and Uber were hacked last year by the notorious threat group LAPSUS$. It took Microsoft one hour to detect and limit the attack to a short-lived network breach. Uber took up to two weeks to notice the breach and respond, and during that “dwell time,” the hackers took a joy ride in Uber’s systems and stole confidential information.
Falling Dwell Times Mean Faster Activity
The latest Sophos 2023 Active Adversary Report shows that the median dwell time for all attacks was eight days in the first half of 2023. The average dwell time for a ransomware attack is down to five days. Dwell times may be down slightly from the previous year, but the attackers are also speeding up their efforts in response to improved detection capabilities.
Sophos Field CTO Chester Wisniewski said the average customer response to a threat is approximately 16 hours. “During any attack, time is of the essence. In the first 30 minutes, the intruder will emplace the back doors and persistent mechanisms needed to re-enter the system. Sophos can stop a confirmed threat with an industry-leading average threat response time of 38 minutes. This is considerably faster than other security vendors and 96 percent faster than the industry benchmark.”
Detecting and neutralizing a threat is just part of the security operations process. Unless your customers can respond to an attack in minutes instead of hours, they remain fully exposed.
Make Time Your Ally
The attacker only needs to compromise a single user to cause significant damage. Sooner or later, your customers are going to be attacked. Having a cyber strategy in place is one of many defense-in-depth controls that help prevent compromise and reduce downtime.
Sophos secures more organizations than any other MDR provider. Use the Sophos Incident Response Planning Guide to help your customers better prepare and effectively plan for, respond to, and recover from a cyberattack. Implement Sophos MDR to deliver that defense as a service and make time your customer’s ally.