Hackers Linger Three Times Longer Inside APAC Networks

The average dwell time before cyber-criminals are discovered inside victim networks in APAC is more than three times the global median of 146 days, according to a new report from Mandiant.

The FireEye division’s latest M-Trends study focuses on Asia Pacific for the first time, revealing a region lagging the rest of the world on cybersecurity.

Incident investigation stats for 2015 revealed the median time of compromise to discovery of an attack was 520 days, much higher than the global figure although not much bigger than EMEA (469 days).

As Mandiant says in the report, “seventeen months provides ample time for any attacker to progress through the full attack life cycle and achieve multiple goals within their mission objectives.”

Not just that, but most breaches are never made public thanks to a lack of notification laws; a dangerous situation given the inability of many organizations to identify and respond to security incidents.

They lack the technology, the expertise and the incident response plans to effectively respond, the report claimed.

Mandiant also argued that many of its clients had conducted their own forensic investigations prior to hiring the firm, but that they often failed to kick the hackers out of their network and frequently made things worse by destroying vital evidence.

The report advised the minimum organizations should be looking to achieve in order to check for a possible compromise is: to review network ingress and egress points and monitor each relevant app service; review security logging devices to check how risks will be identified; and adopt behavioral analysis detection.

In building an effective response plan, organizations must first assemble a crisis management team before scoping the incident, and avoid premature remediation which could leave threat actors inside networks.

AlienVault security advocate, Javvad Malik, argued that cultural difference may be at the root of APAC’s relatively low level of cybersecurity maturity.

“As more countries, businesses, critical infrastructure and citizens become more reliant on technologies, it is vitally important security is given serious consideration and companies are given more freedom and direction in how they should protect their assets,” he added.

“Much like turning the Titanic, it won’t be quick or easy, but essential to safeguard national interests going forward.”

What’s Hot on Infosecurity Magazine?