An increasingly common mindset in cybersecurity is that, instead of concentrating all effort on keeping cybercriminals out of a company's network, organizations assume that attackers may eventually break through the network's defenses, or may already be inside, and must therefore be detected as soon as possible.
This mentality seems to be taking hold in companies: according to a study by the firm Trustwave, both the speed with which intrusions are detected and the containment times have improved this year.
The Trustwave study recorded, whenever possible, the dates of intrusion, detection and initial containment. According to the study, containment can in some cases occur before detection, for example when a software update stops an attack before it is discovered.
Although the durations varied greatly across the incidents investigated, an improvement could be seen. It now takes an average of 49 days to detect an intrusion, well below the 80.5 days it took in 2015.
On the other hand, the time that now passes from the time that the intrusion is detected until it is solved is 62 days, a figure that, according to the study, has barely changed compared to the 63 days it took two years ago.
When an intrusion is detected internally the times are shorter: an average of 16 days, compared to the 15 days it took in 2015. Conversely, in cases where victims did not learn of the intrusion until regulators or other third parties reported it, the duration was generally much longer.
According to Trustwave's study, the industry that suffers the most attacks is retail with 22%, followed by the food and beverage industry with almost 20%. Finance and insurance, with 14%, and hospitality, with 13%, were the next most affected, while other sectors each accounted for less than 5% of the incidents.
On the other hand, the study also noted that incidents in POS systems have grown, and that in addition, data taken from credit card payments are the most at risk of being intercepted.
Different industries may also face different types of attacks: for example, most incidents affecting the food and beverage industry target POS (Point-of-Sale) infrastructures, while the retail industry, which includes both e-commerce sites and physical stores, experienced the highest percentage of incidents affecting e-commerce assets.
Another important finding of the Trustwave study is that nearly half of the incidents detected occurred in North America, namely 49%, four points more than the 2015 figure of 45%. This is followed by the Asia-Pacific region (APAC) with 21%, Europe, the Middle East and Africa (EMEA) with 20%, and Latin America and the Caribbean (LAC) with 10%.
As for the type of attack received in each region, the study found that attacks on POS environments were more common in North America, which has taken longer than most regions of the world to adopt the standard version of the EMV payment card (also called chip and PIN).
But even though it takes less time to detect intrusions, the truth is that they have continued to grow and spread, and this is of great concern to companies and public bodies around the world, not just because of their volume, but also because these intrusions are becoming more sophisticated and causing more and more damage. An example of this is the global attack by the WannaCry ransomware.
InnoTec, a cybersecurity company, recently stated that in 2016 it handled more than 24,000 cybersecurity incidents.
“The volume of threats continues to grow year after year. Specifically, our company has gone from handling around 3,500 cybersecurity incidents in 2012 to about 24,000 in 2016, figures that highlight the importance of these threats,” said Félix Muñoz, managing director of cybersecurity Innotec.
McAfee, in its latest report, reveals that new malware samples grew by 22% in the last four quarters, to 670 million known samples today.
In addition, in the first quarter of 2017 McAfee recorded 244 new threats every minute, which equates to 4 threats per second. Mobile malware has also grown, increasing by 79% in the last four quarters; 16.7 million samples are currently known.
According to the McAfee study, ransomware has remained one of the major points of conflict since the WannaCry attack, growing by 59% in the last four quarters to 9.6 million known samples.
The latest known cyberattack with this type of malware took place last Tuesday 27, when the National Cryptological Center (CCN), attached to the National Intelligence Center (CNI), confirmed a ransomware attack by a virus of the Petya family, which behaves similarly to WannaCry, against several multinationals based in Spain, as well as companies located in Russia, Ukraine, Denmark and the United States. It is known to have attacked the computer equipment of more than 80 multinationals around the world.
Cybersecurity experts are learning more about this virus which Europol has described as “more sophisticated” than WannaCry. “There are clear similarities between this attack and WannaCry but it seems more sophisticated when it comes to exploiting the weaknesses of the teams,” said Europol Director Rob Wainwright in a statement.
The CCN-CERT National Cryptologic Center stated that the ransomware behind this new cyberthreat affected Windows systems, encrypting the operating system or hard drive.