In what sounds like a positive shift, cybersecurity experts have announced their research has found that cyberattacks are spending less time on the networks they infiltrate. Unfortunately, this isn’t such a clear-cut positive. Today, we’ll discuss “dwell time” and how less of it is a problem.
Dwell time is a term that’s used a lot in technology. Typically, it measures how long a user stays on a particular webpage, but in this context it is the length of time a threat is present on a network before it is detected by software or a technician. You may be surprised to learn that in the latter context, the median dwell time for malicious code is 24 days. This may seem like an eternity, but just 10 years ago the median dwell time of a threat was well over a year, at 416 days.
It’s reasonable to assume that, since people are more cognizant of web-based threats and are therefore investing more time and money into cybersecurity initiatives, the number would shrink rapidly. It also stands to reason that the shorter the dwell time is, the better a program designed to catch cybersecurity threats is at quarantining and eliminating them, right? Unfortunately, it’s not so simple.
Many of the attacks we see today are far more sophisticated than they were a decade ago. Threats like ransomware, for instance, are used more today, and for them dwell time isn’t as big of an issue. In fact, while your average attack method has a dwell time of 45 days, ransomware’s average is just five before it is deployed and locks you out of your files or systems. Ransomware doesn’t sit on the network; it is deployed and devastates quickly.
Today, more hackers are deploying more ransomware than ever, and it’s a major point of emphasis that every network administrator should understand. Not only that, ransomware tactics are becoming more aggressive. There is now a tactic called “multifaceted extortion,” where ransomware is deployed and, instead of deleting or stealing the data, the attackers threaten to publish it publicly. Most organizations would do anything to keep their intellectual property and the sensitive information of their clients, vendors, and workers confidential.
Network administrators need to be aware that it’s not just ransomware they have to be on the lookout for. Exploits of unpatched software have risen exponentially recently. In fact, over one-quarter of all hacks (29 percent) happen because hackers find an exploit in a business’ network. Phishing, which is often cited as the most dangerous hacking method, only accounts for 23 percent.
With the threat landscape the way it is, it is important that you diligently patch your software, keep your tools updated and actively train your employees to help you keep threats off your network. At Horne & Benik, we can help. Give us a call at (603) 499-4400 to learn more about how to ensure your business can navigate through the minefield that’s out there today.