Only 47% of Organizations Discover Breaches Internally as Disruptive Attacks Become More Common, According to Latest M-Trends Report from FireEye

FireEye, Inc. (NASDAQ: FEYE), the leader at stopping today's advanced cyberattacks, today announced the release of its annual Mandiant M-Trends® report. Compiled from advanced threat investigations conducted by Mandiant’s leading consultants in 2015, “M-Trends 2016” details the leading cyber trends and tactics threat actors used to compromise businesses and steal data.

“In 2015, we continued to be reminded that there is no such thing as perfect security,” said Kevin Mandia, SVP and President, FireEye. “Based on the significant number of incidents that Mandiant investigated in 2015, threat actors are finding inventive and disruptive ways to skirt even the best defenses, resulting in informational, financial and reputational loss.”

Some of the report’s key findings include:

• More breaches were publicized.

A larger number of breaches were made public (both voluntarily and involuntarily) than at any other time in the past.

• The time it takes organizations to discover compromises continues to drop. The median number of days attackers were present on a victim’s network before being discovered dropped to 146 days in 2015 from 205 days in 2014; however, breaches can go undetected for years.
• Fewer breaches are discovered internally. Mandiant observed that only 47% of organizations discovered breaches on their own, while 53% were discovered by external parties.
• Breaches continue to be discovered by third-party sources. 

Mandiant’s investigations of attacks show that external identification takes longer, with an average of 319.5 days from compromise to discovery. Internal discovery takes an average of 56 days.

• Disruptive attacks are becoming more common. Over the past year, Mandiant responded to incidents where attackers destroyed critical business systems, leaked confidential data, held companies for ransom, and taunted executives. Some attackers were motivated by money, some claimed to be retaliating for political purposes, and others simply wanted to cause embarrassment.
• The nature of cyberthreat actors have changed greatly.

2015 saw the location and motives of cyberattackers become more diverse.

• More Russia-based threat actors.

It was observed that a larger incidence of cyberattacks, both nationally sponsored and traditionally motivated financial attack groups, originated from Russia.

• A Rise in Red Teaming.

In light of the current cybersecurity scenario, more and more organizations are showing an interest in testing their cybersecurity capabilities through threat simulations designed to emulate real-world advanced attacks.

To view a full copy of the 2016 Mandiant M-Trends report, please visit: ttps://www2.fireeye.com/M-Trends-2016.html?utm_source=social&utm_medium=blog&utm_campaign=mtrends2016