Cyberattackers Can Cause Damage in the Blink of an Eye

Cyber experts may have been pleased that the average dwell time for intruders in 2017 was a mere 101 days, but now there’s a new statistic to worry about: 19 minutes.

That’s the incredibly short amount of time it takes for Russian adversaries to move inside a network and cause damage, according to a report by CrowdStrike. 

North Korean hackers are the second-­fastest, with a breakout time of 2 hours and 20 minutes; the Chinese come in third at 4 hours. Overall, the average breakout time is about 4 hours and 37 minutes, CrowdStrike writes in its 2019 Global Threat Report.

“As defenders get better at hunting for and identifying intrusions, it has become more important for threat actors to raise their game and accomplish their mission as rapidly as possible,” the report states.

The average breakout time has risen since 2017, when it was 1 hour and 58 minutes. The report attributes this to an increase in the number of slow-moving adversaries, plus improved security.

But, notes the report, “it is not the sophistication of the tools — which can be bought or stolen from others — that determines the capability of the adversary, but rather their operational tradecraft and how rapidly they can achieve their objectives.”

The fastest adversaries are not always the most dangerous, states the report: “It doesn’t account for volume of activity — just their speed of lateral movement within the network. Slow adversaries can still cause tremendous damage if they have the motivation to do so.”