The Google Mandiant report, as detailed in the M-Trends 2024, highlights a significant reduction in the time it takes for organizations to detect cyber intrusions, marking a notable improvement in cybersecurity defenses globally. It provides a mixed but cautiously optimistic view of the current state of cybersecurity.
Reduction in Median Dwell Time
The global median dwell time, which measures the average duration attackers remain undetected within a network, has decreased to its lowest point in over a decade. In 2023, this figure was recorded at 10 days, down from 16 days in 2022, and significantly lower than the 78 days observed six years ago
Increase in Ransomware Detection
The report attributes part of the reduction in dwell time to an increase in ransomware incidents, which are typically easier to detect due to their disruptive nature. Ransomware-related intrusions accounted for 23% of the total in 2023, up from 18% in 2022. These incidents are generally identified more quickly, with ransomware being detected in about six days when the notification comes from an internal source, and in five days from external notifications
Improvement in Internal Detection Capabilities
There has been a notable improvement in the ability of organizations to detect compromises internally. In 2023, 46% of intrusions were detected internally, up from 37% in 2022. This suggests that investments in cybersecurity tools and training are yielding positive results.
Geographic and Sectoral Variations
📌While the global trend shows improvement, not all regions experienced the same level of progress. For instance, organizations in the Asia-Pacific region saw a dramatic decrease in median dwell time to nine days, whereas in Europe, the Middle East, and Africa, the median dwell time slightly increased
📌Financial services, business and professional services, high technology, retail and hospitality, and health sectors were identified as the most targeted by cyber attackers, primarily due to the sensitive nature of the data they handle
Evolving Threat Tactics
📌The report also highlights a shift in attacker tactics, with an increased focus on evasion techniques. Cyber attackers are increasingly targeting edge devices and exploiting zero-day vulnerabilities to maintain their presence undetected within networks for extended periods
📌Espionage activities, particularly by groups allegedly linked to China, have intensified, with these groups focusing on acquiring zero-day exploits and targeting platforms with minimal security measures
Challenges and Recommendations
📌Despite the improvements, the report underscores the ongoing challenges in cybersecurity. Attackers are adapting quickly, utilizing sophisticated methods such as ”living off the land” tactics and zero-day exploits
📌Mandiant emphasizes the importance of robust security strategies that include effective threat hunting programs and comprehensive investigations and remediations following breaches