Organizations are closing the skills and preparedness gap between hackers and themselves, improving a picture that's all too often painted as grim. That means we — at least those of us in the Western Hemisphere — are getting pretty good at cybersecurity, according to the latest numbers from one of the largest cybersecurity firms.
The bottom line: “It’s strange to hear, but things are actually getting better,” said Charles Carmakal, vice president at Mandiant, which released its yearly report yesterday.
The big picture: In a report that contains plenty of potentially alarming material, including multiple sections on the growing Iranian threat, Carmakal said its most important statistics are those on who first noticed data breaches and how they did it.
For all the high-profile coverage of massive, often careless breaches, there’s reason to think defenders are outpacing attackers.
- 64% of North and South American breaches investigated by FireEye are detected by the victim rather than by a third party (like law enforcement).
- That’s a sizable improvement over 2011, when only 6% were detected internally.
- This year was also an improvement over 2016, when 53% of breaches were detected by the victim.
- “There is absolutely an improvement in organizational capability,” said Carmakal.
Why it matters: Who notices hackers makes a big difference in how fast the hackers get caught. Internal detection is much faster, so hackers are in systems for less time than they used to be. In the U.S., it’s a threefold difference.
- The worldwide median dwell time — the time hackers can spend in a system without being caught — is only a quarter of what it was in 2011, but roughly the same as last year.
- According to the report, median dwell time is lower in the Americas: 75.5 days, compared to 175 days in the European, Middle Eastern and African markets, and 498 in Asia Pacific markets.