Today’s cyber attackers have less time to do more damage inside a system before being found out, according to the latest Sophos Active Adversary Report for Tech Leaders. This comprehensive report provides channel partners and tech leaders with invaluable insights into today's most persistent cyber adversaries' tactics, techniques, and procedures (TTPs).
Timing Is Everything
The time to detect and respond, also known as dwell time, shrank from 10 days in 2022 to 8 days in the first half of 2023. The bad news is that ransomware attackers drove much of that drop, cutting their average dwell time from 9 to 5 days. Such adversaries typically strike outside traditional business hours, usually late Friday and into the weekend, when detection and response by resource-constrained IT departments are less likely.
In many cases, adversaries worked quickly to reach the Active Directory (AD), which controls user credentials and system access for the entire IT system. Median attack time against the AD was only 16 hours, explained Christopher Budd, Director of Sophos X-Ops Threat Research. “If you think of your organization's network as a ship, we're saying you've only got 16 hours after the pirates land before they're going after the bridge. And like with the bridge of a ship, if you lose control of your Active Directory, you've lost the ship.”
Adversaries are increasingly using compromised credentials as another avenue of attack, and did so in half of all incidents. Sophos found that in 39 percent of the cases it investigated in the first half of this year, multi-factor authentication (MFA) was not configured. The lesson: compromised credentials are a gift that keeps on giving (your data away).
The Solution That Never Sleeps
Overworked IT departments are struggling to keep their guards up around the clock, which is one reason why attackers like to strike during off-hours leading into the weekend. Those same IT personnel are also hard-pressed to maintain software updates and patches. And configuring a security system requires a level of focused expertise that harried generalists may not be able to deliver.
Gaps in monitoring coverage and overlooked protections are like open windows to a burglar: an easy way in. A dedicated channel partner armed with Sophos 24/7/365 cybersecurity solutions and expertise can close the most accessible avenues of attack on data. They can make sophisticated break-ins harder for adversaries so that overworked clients don’t have to do it alone.
This report is indispensable if you are determined to safeguard your customers against malicious actors. Read the Active Adversary Report for Tech Leaders to learn how to secure systems better and empower the next defenders of the digital realm.