Since 2010, Mandiant, a FireEye company, has presented trends, statistics and case studies of cyber attacks involving advanced threat actors. As part of its many global investigations in 2015, Mandiant responded to several breaches in Europe, Middle East and Africa (EMEA). Throughout the year we collected statistics on the investigations specific to the region and analysed the trends.
To share what we have been seeing throughout this past year, we present “M-Trends – EMEA Edition 2016.” This report marks the start of an annual M-Trends edition focused on EMEA. The report aims to empower organisations and the security community, arm them with the knowledge relating to the unique challenges facing the region, and assist in improving security posture to combat advanced attacks.
Some of the key findings include:
- Organizations in EMEA took three times longer to detect a compromise: The mean dwell time (time between compromise and detection) in the region was 469 days, versus a global average of 146 days.
- EMEA organizations cannot rely on local agencies to notify them of compromises: Of all observed compromises in EMEA, 12% of notifications came from an external source. Globally, external sources accounted for 53% of notifications. EMEA organizations discovered breaches internally 88% of the time, but EMEA average dwell time (469 days) suggests this often came too late
- Many organisations in EMEA were re-compromised within months of an initial breach: Unsuitable techniques to hunt for attacks within an environment often resulted in a failure to understand the true scope of the incident. Mandiant consultants found many EMEA organizations still opting for a traditional forensic methodology, only analysing a handful of machines, and subsequently increasing the risk of becoming re-compromised.
The findings show that organisations in the EMEA region have a lot of room to improve their incident detection and response capabilities.
Download M-Trends EMEA Edition 2016 for further insight.
Register for our webinar to discuss the findings with the authors of this report and to learn more about improving an organisation’s security posture.