FireEye announces release of first Mandiant M-Trends EMEA report

FireEye has announced the release of the first Mandiant M-Trends EMEA report. M-Trends EMEA drills down into the statistics collected during investigations conducted in EMEA by Mandiant’s leading consultants in 2015 and details the cyber trends and tactics that threat actors used to compromise businesses and steal data.

Some of the key findings include:

  • Organisations in EMEA took three times longer to detect a compromise: The mean dwell time (time between compromise and detection) in the region was 469 days versus a global average of 146 days.
  • EMEA businesses can’t rely on local agencies to receive a notification of compromise: Only 12% of the observed compromises of organisations in EMEA were detected by an external source. This is a huge disparity with global figures, where external sources accounted for 53% of detections. Whilst, through necessity, EMEA organisations discovered breaches themselves 88% of the time, the EMEA average dwell time (469 days) would suggest this often came too late.
  • Many organisations in EMEA were re-compromised within months of an initial breach: Unsuitable techniques to hunt for attacks within an environment often resulted in a failure to understand the true scope of the incident. Mandiant consultants found many EMEA organisations still opting for a traditional forensic methodology, only analysing a handful of machines, and subsequently increasing the risk of becoming re-compromised.

“With threat actors targeting EMEA organisations with a multitude of motives from strategic intelligence to media impact and brand damage, concerns around advanced cyber threats have swiftly spread from the IT department up to the boardroom,” said Stuart Davis, Director at Mandiant. “The majority of organisations need to move away from the traditional methodology of responding to incidents as otherwise the dwell time will not decrease at a fast enough rate. This, coupled with the fact that some EMEA governments are at various levels of maturity with their national CERT capabilities / mandate, has resulted in businesses being under tremendous pressure to detect threats themselves and, according to our statistics, they simply have not been quick enough to do so. From our observations, there are clearly some stark contrasts between EMEA and the rest of the world, which boardrooms in the region need to address.”
