Security Breaches Still a Major Issue for Businesses
This year's Mandiant M-Trends report found that phishing emails largely look to capitalize on trust in IT departments by impersonating those targeted IT departments.Cyber-security specialist FireEye announced the release of the fifth annual Mandiant M-Trends report, compiled from advanced threat investigations conducted in 2013 by Mandiant, which FireEye acquired late last year. One of the significant findings in the report was that the median number of days attackers were present on a victim's network before being discovered dropped to 229 days in 2013 from 243 in 2012. While the study noted this improvement is incremental relative to the drop from 416 days in 2011, organizations can be unknowingly breached for years. The longest time an attacker was present before being detected in 2013 was six years and three months. "It is hard to overstate how quickly cybersecurity has gone from a niche IT issue to a consumer issue and boardroom priority," Kevin Mandia, senior vice president and chief operating officer of FireEye, said in a statement. "Over the past year, Mandiant has seen companies make modest improvements in their ability to attack the security gap. On the positive side, organizations are discovering compromises more quickly, but they still have difficulty detecting said breaches on their own. It is our focus to bridge that gap and continue the positive trends our customers are seeing."
The report also indicated phishing emails largely look to capitalize on trust in IT departments, as 44 percent of the observed phishing emails sought to impersonate the IT departments of the targeted organizations. The vast majority of these emails were sent on Tuesday, Wednesday and Thursday.