The average time it takes to identify a breach is 197 days. That's crazy. And then the average time to contain a breach is 69 days.
The Hacker Timeline
What I hear all the time from individuals or business owners is “We got hacked last week" or "We had this incident occur”.
What they don't realize is they weren't really hacked last week. They were hacked six months ago. They just didn't find out about it until last week.
And so, one of the things that's important for everybody to understand and know is how the hackers work. What's their timeline? They've planned, they take their time, they target their victims very specifically. They research and understand who they are and what the potential return is for them.
And then they initialize spearfishing. Malicious emails. Or other exploits. To gain access to that victims, that target’s systems. And once they get in, they only need a little foothold. They don't need full access to everything right away.
Heck, if the average time is six months, they’ve got plenty of time to get everything or figure out what they need, so all they look for is a foothold.
And once they get that foothold, they determine, OK, who am I? Where am I at? Where can I go and who do I need to be? And at that juncture, at that point, they start moving laterally within the organization.
And once they've moved laterally and they have access to more information, that's when they start stealing your data. That's when they start setting up additional back doors so they can get in if their original way is blocked.
They start hunting users and specifically go after the bookkeepers, the controllers, and the CEO's. Those who control the money because what's their incentive here? They're financially incentivized.
It's a trillion-dollar enterprise.
Now once they've done all that and they've been in your system. That's when they start detonating the attacks. That's when they detonate ransomware.
Cybersecurity Monitoring Tools to Detect and Respond
One of the things that has really changed over the last couple of years in cybersecurity are the measures to prevent and reduce this lateral movement within organizations because what happens? Yes, we have our firewalls, we have our antivirus software. But what happens when they get past that? What do we do?
For a long time, the industry was focused on the perimeter. Now they're realizing we need to plan on breaches or incidents because they're going to happen.
It's not a matter of if, it's a matter of when. Every organization needs to plan for it to happen.
It's just when there's an incident, how far are you going to let them get into your organization before you catch them and before you block them and react and respond?
Teknologize is a SOC 2 accredited, Professional Technology Services company with clients throughout the Pacific Northwest. We have offices located in:
- Tri-Cities, Washington 509.396.6640
- Yakima, Washington 509.396.6640
- Bend, Oregon 541.848.6072
Questions about your IT or Cybersecurity? Give us a call today!