Global Dwell Time Drops but EMEA Lags

Written by

Global organizations are getting better at finding threat actors in their networks, but the EMEA region still trails the rest of the world in doing so, according to Mandiant.

The threat intelligence vendor’s latest annual M-Trends report revealed that the global median dwell time decreased from 24 to 21 days between 2020 and 2021. It refers to the median number of days an attacker is present in a victim’s environment before being detected.

While the figure remained the same over the period for the Americas (17 days), it dropped significantly in APAC – from 76 to 21 days – and in EMEA – from 66 to 48 days.

However, that leaves EMEA still recording the longest dwell time of any region and more than double the global median.

Alongside APAC, it is also the region where most intrusions were detected by external third parties (62%). In the Americas, by contrast, 60% of intrusions were detected by the victim organizations themselves.

External parties, in this case, could be security vendors or partners, or even the threat actors themselves, as is often the case with ransomware and other extortion attempts.

Jamie Collier, a senior threat intelligence advisor at Mandiant, said the findings show EMEA organizations still lack the maturity of many of their global peers, despite making improvements.

“Organizations able to detect malicious activity themselves ultimately stand a far better chance of foiling successful cyber-attacks. EMEA organizations should ideally be looking to build a proactive security posture through threat hunting, intelligence-led detection efforts, and proactively inserting security controls mapped to prominent threats and adversary tactics,” he continued.

“This, combined with a far greater impetus from leadership teams to prioritize cybersecurity – which has been triggered by both the recent rise in ransomware and the Russia-Ukraine crisis – means that there is now a clear opportunity to implement robust security plans over the next 12 months.”

EMEA is also a large region, with a huge variation in maturity between individual countries, Collier cautioned.

“Regional CISOs and security leaders should therefore ensure this variability is accounted for in their plans. They will often be defending in a vast space with disparate security practices and response readiness,” he added.

“So, it is important to adopt an approach that accounts for the specific challenges across different geographies in EMEA; whether that be in their external threat landscape or internal security maturity.”

What’s hot on Infosecurity Magazine?