Enterprise organizations have a lot to handle in the era when cyberattacks have become not just a tangible threat but a lived reality. Statistically, two-thirds of all organizations report up to 25 security breaches every month. At the same time, one in five respondents admits that they have only limited or temporary resources to respond to an incident. Undoubtedly, managing breaches post-factum is extremely costly in terms of time, money, and effort. A business that has been under attack has to mobilize resources to face the issue instead of pouring them into more productive ventures. It comes as no surprise that some incidents are “lethal.” For example, 60% of small businesses go off the market six months after a cyberattack (Koulopoulos, 2017). For the reasons stated above, prioritizing preventive measures and not actual incident management is the superior solution.
In cybersecurity, it is the speed that defines the success of both the defender and the attacker. In its recent annual report, the leading cybersecurity company Crowdstrike published some concerning findings regarding the efficiency of the world’s top cyber adversary groups. Apparently, it takes an independent cyber-criminal around 9.5 hours to obtain illicit access to a target’s network (Crowdstrike, 2019). Professional hacker groups are even faster: the Chinese complete the task in four hours while the Russians’ breakout time is a record 19 minutes (Crowdstrike, 2019). Every minute that a company does not use to its advantage gives hackers a chance to cause greater damage.
When looking at the average “breakout” time of 4 hours 27 minutes, it may not seem particularly speedy. Yet, it is a dangerous illusion: in fact, it may take business days if not weeks to identify security anomalies, suspicious network activity, or hacking attempts. According to data insights from IBM, an average company spends 197 days to identify and 69 days to contain a security breach. Conversely, enterprises that handle the incident in under a month spare themselves up to one million dollars. What they also avert is dreadful lawsuits from consumers and independent agencies outraged by a business’s poor risk response or inaction. Therefore, avoiding security breaches through timely identification does not just save money – it salvages a reputation that takes years to establish.
Any discussion about the importance of speed in cybersecurity cannot leave out key terms such as MTTD, MTTF, MTBF, and MTTR. Below is a quick definition of each of them:
- MTTD (mean time to detect) is the amount of time that takes a company to identify a potential security incident;
- MTTF (mean time to failure) is how long a defective system can run until it shuts down;
- MTTR (mean time to respond) is how long it takes a team to get a grip of, remediate, or eliminate a threat after it has been identified;
- MTBF (mean time between failures) is a metric that reflects the reliability and availability of a system. It is used to evaluate the system’s performance under predetermined conditions for a set amount of time.
Improving the aforementioned metrics is an investment into the survivability of a business. Leveraging high-quality threat intelligence and actionable risk intelligence data applicable to your business may reduce the mean time to detect. It also helps to be more aware of the indicators leading to possible security incidents earlier than it will happen. All the existing data suggests that prevention trumps actual incident management. It deescalates critical situations and averts long-term damages. Not only does it help a business stay on the safer side but also gives it a competitive advantage against contenders.
References
Crowdstrike. (2019). Crowdstrike annual threat report details attacker insights and reveals industry’s first adversary rankings.
IBM. (2020). Cost of a data breach report. Web.
Koulopoulos, T. (2017). 60 percent of companies fail in 6 months because of this (it’s not what you think). Inc. Web.