Organizations Need to Address “Breakout Time” CrowdStrike Report Says
Organizations should follow the 1:10:60 rule: One minute to detect threats, ten minutes to investigate, and 60 minutes to contain and remediate an incident, endpoint security provider CrowdStrike said in a recent report.
But few do, and most are underprepared to address breakout time, the window between when an intruder compromises the first machine and when they can move laterally to other systems on the network, according to CrowdStrike’s 2019 Global Security Attitude Survey. On average, the process of detecting, triaging, investigating, and containing a cyber incident takes organizations globally 162 hours, with an average of 31 hours to contain a cybersecurity incident once it has been detected and investigated.
To compile the data, CrowdStrike surveyed some 1,900 IT decision-makers and IT security professionals in the U.S., Canada, U.K., Mexico, Middle East, Australia, Germany, Japan, France, India and Singapore across major industry sectors. Eighty percent of those respondents indicated that in the last 12 months they have been unable to prevent intruders on their networks from accessing their targeted data, with 44 percent pointing to slow detection as the cause.
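The 1:10:60 rule and breakout time only become useful once a team measures its own timelines against them. The following is an added example, not code from the article or from CrowdStrike: it takes incident records with four timestamps (compromise, detection, end of investigation, containment) plus an optional first observed lateral-movement time, computes the duration of each phase, checks each against the 1:10:60 targets, and reports whether containment beat the intruder's breakout. The `Incident` record layout, the field names and the three sample timelines are constructed for this example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from statistics import mean
from typing import Dict, List, Optional

# Targets from the 1:10:60 rule, in minutes.
TARGET_MINUTES = {"detect": 1.0, "investigate": 10.0, "contain": 60.0}


@dataclass
class Incident:
    """Key timestamps from an incident timeline (constructed layout, not CrowdStrike's)."""
    name: str
    compromised: datetime        # first host compromised, as established by forensics
    detected: datetime           # first alert an analyst acted on
    investigated: datetime       # triage complete: scope and affected hosts understood
    contained: datetime          # adversary access cut off and remediation started
    lateral_movement: Optional[datetime] = None  # first move to a second host, if observed


def phase_minutes(inc: Incident) -> Dict[str, float]:
    """Duration of each phase of the 1:10:60 model, in minutes."""
    one_min = timedelta(minutes=1)
    return {
        "detect": (inc.detected - inc.compromised) / one_min,
        "investigate": (inc.investigated - inc.detected) / one_min,
        "contain": (inc.contained - inc.investigated) / one_min,
    }


def meets_targets(inc: Incident) -> Dict[str, bool]:
    """Whether each phase met its 1:10:60 target, plus whether all three did."""
    mins = phase_minutes(inc)
    result = {phase: mins[phase] <= limit for phase, limit in TARGET_MINUTES.items()}
    result["all"] = all(result.values())
    return result


def beat_breakout(inc: Incident) -> Optional[bool]:
    """True if containment happened before the intruder moved laterally.

    None when no lateral movement was observed, so the comparison is undefined.
    """
    if inc.lateral_movement is None:
        return None
    return inc.contained < inc.lateral_movement


def summarize(incidents: List[Incident]) -> Dict[str, Dict[str, float]]:
    """Average phase durations and the share of incidents meeting each target."""
    per_phase = [phase_minutes(i) for i in incidents]
    met = [meets_targets(i) for i in incidents]
    return {
        "avg_minutes": {p: mean(m[p] for m in per_phase) for p in TARGET_MINUTES},
        "share_meeting": {k: mean(1.0 if m[k] else 0.0 for m in met) for k in met[0]},
    }


def _t(s: str) -> datetime:
    return datetime.fromisoformat(s)


# Constructed sample timelines (not survey data): one fast response, one slow
# response where the intruder moved laterally long before containment, and one
# with no observed lateral movement that missed only the investigation target.
SAMPLE_INCIDENTS = [
    Incident("INC-1", _t("2019-11-04T09:00:00"), _t("2019-11-04T09:00:40"),
             _t("2019-11-04T09:08:00"), _t("2019-11-04T09:50:00"), _t("2019-11-04T11:00:00")),
    Incident("INC-2", _t("2019-11-04T09:00:00"), _t("2019-11-04T12:00:00"),
             _t("2019-11-04T13:00:00"), _t("2019-11-06T13:00:00"), _t("2019-11-04T10:30:00")),
    Incident("INC-3", _t("2019-11-04T09:00:00"), _t("2019-11-04T09:00:30"),
             _t("2019-11-04T09:30:00"), _t("2019-11-04T09:45:00")),
]


if __name__ == "__main__":
    for inc in SAMPLE_INCIDENTS:
        mins = phase_minutes(inc)
        met = meets_targets(inc)
        print(f"{inc.name}: " + ", ".join(
            f"{p}={mins[p]:.1f}min ({'ok' if met[p] else 'MISS'})" for p in TARGET_MINUTES)
            + f", beat breakout={beat_breakout(inc)}")
    summary = summarize(SAMPLE_INCIDENTS)
    print("avg minutes:", {p: round(v, 1) for p, v in summary["avg_minutes"].items()})
    print("share meeting target:", {k: round(v, 2) for k, v in summary["share_meeting"].items()})
```

The breakout check is the one that matters most for the article's point: an incident can miss every 1:10:60 target and still be contained before the intruder reaches a second host, or meet the detection target and still lose the race if investigation drags on. Feeding real timelines from a case-management system into `summarize` gives the same four percentages the survey reports, measured for one organization instead of across 1,900 respondents.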
Some of the study’s notable findings include:
- On the 1:10:60 rule, only 11 percent of respondent organizations can detect an intruder in under one minute, only 9 percent can investigate an incident in 10 minutes, only 33 percent can contain an incident in 60 minutes, and only 5 percent can do all three.
- Intruder detection is the primary IT security focus for only 19 percent of respondents, despite 86 percent seeing one-minute detection as a cybersecurity game-changer for their organization.
- The number who had experienced multiple supply chain attacks doubled from 16 percent to 34 percent in the past 12 months. Concerns surrounding supply chain attacks decreased on a global average from 33 percent in 2018 to 28 percent in 2019.
- The number of organizations paying ransoms to retrieve data encrypted in a software supply chain attack rose from 14 percent to 40 percent.
- An average of 83 percent of respondents believe that nation-state sponsored attacks pose a clear danger to organizations within their country, with the U.S. (84 percent) experiencing the most heightened sense of risk from nation-state threats.
“Organizations are challenged to achieve the kind of speed required to match sophisticated nation-state and eCrime adversaries known to be targeting organizations, from governments to enterprises,” said Thomas Etheridge, CrowdStrike Services vice president. “Forward-leaning companies must embrace the cloud for endpoint security to give their teams comprehensive visibility and crowdsourced protection to address effectively a full range of security and operational needs.”