Stories

More companies are detecting breaches internally

A person types on a laptop in Miami.
A person types on a laptop in Miami. Photo: Wilfredo Lee / AP

More businesses are detecting breaches internally, and they’re doing it faster than before, according to CrowdStrike’s Cyber Intrusion Services Casebook of 2017, which analyzes the businesses the cybersecurity technology company worked with this year.

Why it matters: The most visible news about breaches is likely going to be about those businesses that are caught off guard — but that may not be representative of the majority of breaches businesses are dealing with. Per CrowdStrike, this shows companies are improving their security hygiene practices and investing in resources to better detect attacks.

The analysis shows:

  • 68% of businesses were able to internally identify a breach in 2017, up 11% over the year before.
  • The average number of days between the first evidence of an attack and initial detection was about 86 days. “That continues to tick down year over year,” Bryan York, CrowdStrike’s director of services, told Axios.
  • The majority (66%) of hacks are malware-free attacks — for example, spear phishing to gain logins and passwords.
  • Ransomware and destructive malware hacks are increasingly employing methods that are self-propagating, meaning they don’t require human interaction or clicking to spread through systems. York suggests segmenting privileges in systems so that propagation is more difficult, but noted “when it comes to preventing this there’s no magic bullet.”