Intrusion detection and breach containment times improve


Intrusion detection and breach containment times improved during 2016, but other threats like malvertisements became cheaper and malicious spam saw increases, according to the 2017 Trustwave Global Security Report.

The research found that the average number of days from an intrusion to detection of a compromise decreased to 49 days in 2016 from 80.5 days in 2015, with values ranging from zero days to almost 2,000 days (more than five years). Internally detected incidents averaged 16 days, while externally detected incidents averaged 65 days. On average, it took companies 2.5 days to contain a breach after it was detected.

More than half of the incidents Trustwave investigated targeted payment card data. Card track data, at 33% of incidents, came primarily from point-of-sale environments, whereas card-not-present data, at 30%, came mostly from e-commerce transactions. Financial credentials, including account names and passwords for banks and other financial institutions, accounted for 18% of incidents, followed by other targets.

Last year, the estimated cost for cybercriminals to infect 1,000 vulnerable computers with malvertisements was only $5 – less than $0.01 per vulnerable machine. Malicious advertising remains the number one source of traffic to exploit kit landing pages.

In 2016, 35% of spam messages contained malware, up from 3% in 2015. Meanwhile, 60% of all inbound email was spam, up from 54% in 2015.

Trustwave chief executive and president Robert J. McCullen said, “Cybersecurity in 2016 had both highlights and lowlights. As our data breach investigations and threat intelligence show, attackers continue to evolve their tactics and focus on extreme paydays as cybercrime becomes more like genuine businesses. Meanwhile, security skills and talent remain scarce. As an industry, we must continue to focus on key areas like threat detection and response, security scanning and testing, and cloud security services that provide meaningful layers of protection from constantly evolving threats.”