These days, it seems, one of the most important jobs of an IT staff would be to detect a cyber attack.
Actually, though, companies are increasingly reliant on third parties to notify them that their security has been compromised, according to a new report from FireEye’s Mandiant unit.
Companies are continuing to find cyber attackers sooner. In its latest annual cyber-threat report, Mandiant, an incident response service, said the average time a company takes to detect a data breach fell to 205 days in 2014, down from an estimated 229 in 2013 and 243 in 2012.
But as cyberattacks increase in complexity and sophistication, companies don’t always have the in-house resources to detect them. As a result, only 31% of organizations discovered they were breached through their own resources last year, compared with 33% in 2013 and 37% in 2012.
Business and professional services and retail operations saw the most online intrusions from malicious hackers in 2014, with Mandiant finding that a common thread in these breaches is a lack of basic security protocols, such as two-factor authentication. Without two-factor authentication safeguards, a single stolen credential — obtained through phishing campaigns or social engineering — can leave an entire network vulnerable.
Other emerging targets for hackers include government and international organizations and healthcare. Media and entertainment was down to 8% of intrusions from 13%—despite the much-publicized hack of Sony Pictures.
“There is no such thing as perfect security,” Kevin Mandia, senior vice president and COO of FireEye, told ZDNet. “Based on the incidents that Mandiant investigated in 2014, threat actors have continued to evolve, up their game, and utilize new tools and tactics to compromise organizations, steal data, and cover their tracks.”
An increasingly popular trick among phishers, Mandiant found, is to pose as IT employees asking for updated credentials. Such impersonations accounted for 78% of all phishing in 2014, compared with just 44% in the previous year.
Mandiant also said that more cybercriminals, once they have infiltrated a network, are using “complex” tactics to avoid detection, such as hiding away through Windows Management Instrumentation, a set of specifications from Microsoft for consolidating the management of devices and applications in Windows.