Security Breaches Still a Major Issue for Businesses | eWeek

Security Breaches Still a Major Issue for Businesses

Security Breaches Still a Major Issue for Businesses
Écrit par
Nathan Eddy
Nathan Eddy
Apr 15, 2014
2 minute read
eWeek Le contenu et les recommandations de produits sont indépendants de la rédaction. Nous pouvons gagner de l'argent lorsque vous cliquez sur des liens vers nos partenaires. En savoir plus

Cyber-security specialist FireEye announced the release of the fifth annual Mandiant M-Trends report, compiled from advanced threat investigations conducted in 2013 by Mandiant, which FireEye acquired late last year.

One of the significant findings in the report was that the median number of days attackers were present on a victim’s network before being discovered dropped to 229 days in 2013 from 243 in 2012.

While the study noted this improvement is incremental relative to the drop from 416 days in 2011, organizations can be unknowingly breached for years. The longest time an attacker was present before being detected in 2013 was six years and three months.

“It is hard to overstate how quickly cybersecurity has gone from a niche IT issue to a consumer issue and boardroom priority,” Kevin Mandia, senior vice president and chief operating officer of FireEye, said in a statement. “Over the past year, Mandiant has seen companies make modest improvements in their ability to attack the security gap. On the positive side, organizations are discovering compromises more quickly, but they still have difficulty detecting said breaches on their own. It is our focus to bridge that gap and continue the positive trends our customers are seeing.”

The report also indicated phishing emails largely look to capitalize on trust in IT departments, as 44 percent of the observed phishing emails sought to impersonate the IT departments of the targeted organizations. The vast majority of these emails were sent on Tuesday, Wednesday and Thursday.

In 2012, 37 percent of organizations detected breaches on their own; this number dropped to just 33 percent in 2013, suggesting that organizations in general have yet to improve their ability to detect breaches.

Compiled from advanced threat investigations conducted by Mandiant in 2013, the report details the tactics used by threat actors to compromise organizations and steal data, and also highlights emerging global threat actors, their suspected motives, as well as the types of targets and information they are after.

Multiple investigations at energy sector companies and state government agencies of suspected Iran-based network reconnaissance activity indicate that threat actors are actively engaging in surveillance activities.

“While these suspected Iran-based actors appear less capable than other nation-state actors, nothing stands in the way of them testing and improving their capabilities,” the report noted.

In addition, over the past year, Mandiant responded to an increased number of incidents where political conflicts between nations spawned cyber-attacks that impacted the private sector.

Specifically, Mandiant responded to incidents where the Syrian Electronic Army (SEA) compromised external-facing Websites and social media accounts of private organizations with the primary motive of raising awareness for their political cause.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Propriété de TechnologyAdvice. © 2026 TechnologyAdvice. Tous droits réservés

Divulgation publicitaire : Certains des produits qui apparaissent sur ce site proviennent d'entreprises dont TechnologyAdvice reçoit une compensation. Cette compensation peut influencer la façon dont les produits apparaissent sur ce site, notamment l'ordre dans lequel ils apparaissent. TechnologyAdvice n'inclut pas toutes les entreprises ou tous les types de produits disponibles sur le marché.