7 days to detect and contain a computer attack

Following a study conducted by CrowdStrike / Vanson Bourne among computer security specialists, it was estimated at 162 hours, the average time between a computer security incident and its containment.

It is true that in practice, having the shortest possible response times is really important to minimize the impact of cyber threats that most often fall on computer systems, business activities or even digital data. It was during the Global Security Attitude Survey 2019 study, it takes companies an average of exactly 7 days to address any threat to their systems. And this takes into account "the detection, triage, investigation and containment of the incident. ».In total, the report provides for 162 hours for this long process. to contain the incident, it only takes 31 hours.

This article will also interest you: What is the place of artificial intelligence in the war between hacker and it publishers of antivirus solutions?

Of course this can turn out to be a serious problem resolve as soon as possible. Indeed because of the long response time especially at the detection level in 44% of cases, more than 80% of computer security specialists who were interviewed said they had have been in the inability to prevent hackers who have initiated an attack on their network can access sensitive data during the The last 12 months. This delay in reaction is explained by the large hacker's ability to initiate attacks of a capacity greater than waiting for security professionals. it is one thing that is true today is that they have always one step ahead of computer security specialists, not to mention that there are now several computer systems that are very difficult to update with also sufficient argument the lack of cybersecurity resources deployed by several institutions.

In addition, the study showed that there are 5% of observed companies with the ability to react within the required time frame. "Everything plays in a critical window for cyber defence teams: breakout time, or spread time. This term refers to the time between the infection of a first machine and the time when the threat spreads over the network to other systems (lateral propagation). To be able to respond as quickly as possible to incidents, the most advanced cyber defence companies recommend a three-step rule: 1 minute to detect a threat, 10 to investigate it, and 60 to contain and remedy it. Explains the study. Unfortunately, this standard is difficult if not impossible to apply by the majority of the organizations concerned. 95% of companies approached on the issue acknowledged that they were unable to respond in this way. However, 11 percent of them said they could detect any intrusion for at least a minute. Only 9% say they managed to investigate the attack in about 10 minutes, while 33% claim to be able to contain a computer attack in 60 minutes. Finally, we realize that on a single 5% of companies approach the ability to combine the three essential criteria to survive a computer incident.

In addition, technology institution officials, cybersecurity experts and information systems officials revealed during the study that there are two types of attacks whose speed of tasking are necessary to preserve the integrity of the impacted system: "attacks on the supply chain and geopolitical attacks. ».

Now access an unlimited number of passwords: