Why do you need a finely tuned cyber incident response program? This is why.
The security firm CrowdStrike rated threat groups based on their breakout time.
Breakout time means the time between the initial infection and when the attackers move laterally across the network. The shorter the breakout time, the faster the attacker takes over your network.
About the same time as the famous Sony attack/disaster, Sheldon Adelson’s Sands Casino chain got hit with a similar attack. Except they were ready. I will spare you the details unless you buy me a beer, but visualize geeks wearing pocket protectors running across casinos pulling the plug on pit bosses’ computers to stop them from being infected. Bottom line – no committees. No meetings. No approval. Just action. And while we still talk about the Sony attack, most people don’t even know about the Sands attack.
Back to CrowdStrike. Guess how long it takes for the quickest group to break out?
TWENTY MINUTES!!!
CrowdStrike says that the Russians took an average of 18 minutes 49 seconds to break out.
Think about that for a minute.
Not a lot of time to call a team meeting. All there is time for is to execute a well-tuned plan.
The North Koreans were next at 2 hours and 20 minutes.
The Chinese hackers took 4 hours.
Iranians took 5 hours and 9 minutes.
Finally, your vanilla cybercrime gangs took 9 hours and 42 minutes.
CrowdStrike said that the overall average was 4 hours 37 minutes. This is a significant improvement from the previous year’s average of 1 hour 57 minutes.
Of course, that could all change if a new attack is discovered.
Bottom line is that corporate America needs to up its incident response game to keep up with the hackers.
Need help with YOUR incident response program – contact us.
Source: ZDNet