Skip to main content

Mandiant M-trends report shows that only a third of organisations detect network breaches themselves

FireEye has published its fifth yearly Mandiant M-trends report, which takes a broad overview of emerging security threats on a global scale, using data compiled by Mandiant throughout last year.

The "Beyond the Breach" report looks at cyber-security and how efficiently organisations are responding to threats, and there is a bit of good news in that the time taken to identify a breach is decreasing.

The median average time an intruder was present on a victim's network undetected decreased from 243 days in 2012 to 229 days last year – that's not much of a drop, mind, and certainly not compared to the decrease from 2011's average of 416 days.

The bad news is that organisations aren't picking up intrusions themselves as much as they were in 2012, with self-detection rates dropping from 37 per cent to 33 per cent in 2013.

Employees of larger firms should also be aware that in terms of phishing emails, close to half of those mails observed pretended to be from the company's IT department, as an obviously trusted source – so read your IT-related email carefully!

Mandiant also noted an increased level of activity for politically-motivated profile-raising attacks on the private sector, singling out the Syrian Electronic Army (SEA) as the obvious offender here.

Kevin Mandia, SVP and COO of FireEye, commented: "It is hard to overstate how quickly cyber-security has gone from a niche IT issue to a consumer issue and boardroom priority. Over the past year, Mandiant has seen companies make modest improvements in their ability to attack the security gap. On the positive side, organisations are discovering compromises more quickly, but they still have difficulty detecting said breaches on their own."