The amount of time hackers spend inside the networks of compromised organisations before being uncovered has massively declined across Europe — and GDPR is a key reason for the drop.
Analysis of cyberattacks by researchers at cybersecurity company FireEye reveals that the median dwell time from the start of an intrusion to it being identified has fallen from 177 days last year to 54 days now — a 70% decrease.
The conclusion in the newly released FireEye Mandiant M-Trends 2020 Report is that this is down to the European Union’s privacy-boosting General Data Protection Regulation (GDPR).
GDPR requires organisations that uncover a data breach to report it to the relevant data protection authority within 72 hours of the incident coming to light.
Failure to do this, or being found to be otherwise non-compliant with the legislation, could result in a significant financial penalty. This has encouraged organisations across Europe to increase their focus on cybersecurity, leading to intrusions being uncovered much quicker than before.
“GDPR pushed organisations to implement new policies, reviews and a new focus to get better at detection,” David Grout, CTO for EMEA at FireEye, told ZDNet.
“The buzz around the topic leading up to the GDPR deadline helped to get it in front of senior execs outside of the IT team. Many of them saw the importance of GDPR compliance and they supported measures to improve defences and breach identification,” Grout said.
While the legislation only applies to the European Union, the impact is also felt by global organisations that do business or transfer data in Europe. That appears to have had an impact on the median dwell time across the globe, which is down from 78 days to 56 days.
However, one in ten FireEye investigations still involve organisations that had cyber attackers intruding on the network for over two years, indicating that cyber criminals — and in some cases, nation-state backed hacking operations — can still remain very stealthy when compromising networks.
“Some of them are being targeted by highly skilled APT [Advanced Persistent Threat] groups that are able to hide themselves for a long time after the initial breach,” said Grout.
One of the most common weaknesses exploited by attackers — as identified in the report — is the failure to enforce multi-factor authentication (MFA) on the enterprise network. A lack of MFA means that cyber criminals who successfully breach or steal passwords can easily gain access to networks.
Multi-factor authentication adds an extra barrier that can prevent attackers doing damage, and also alerts the security team that something might be wrong before the problem escalates.
Organisations should also ensure that operating systems and software are both patched and up to date, because in many cases cyberattacks exploit known vulnerabilities to drop malware and compromise networks. Applying security updates when they arrive can go a long way towards keeping hackers out of the network in the first place.