The majority of cyberattacks successfully infiltrate organisations’ production environments without their knowledge, according to a new report from FireEye.
Based on an analysis of real attacks, specific malicious behaviours and actor-attributed techniques, the report states that 53 percent of attacks successfully penetrated IT environments without detection. Meanwhile, just a third (33 percent) were stopped in their tracks by a security tool.
Further, the report claims most organisations don’t have the proper visibility into serious threats, with alerts triggered for less than one in ten attacks. In almost half the cases, security environments were not able to prevent or detect the delivery and movement of malicious files.
Criminal reconnaissance also goes widely undetected among enterprises, as just four percent of invasive surveillance activities trigger an alarm.
Chris Key, Senior Vice President at Mandiant Security Validation, believes organisations are living in ignorance.
“Every organisation wants reliable data that tells them if their security investments are delivering real value and protecting them from becoming the next major cyber-attack headline,” he said.
“Our research shows that while the majority of companies assume they’re protected, the truth is that more often than not, they are exposed.”