Infocyte’s Mid-market Threat and Incident Response Report Reveals Persistent Threats and Vulnerabilities Can Remain for Years
Infocyte’s Inaugural Threat and Incident Response Report for Q2 2019 Shows that Small and Mid-sized Companies Remain Especially Vulnerable to Persistent Compromises Compared to Large Enterprises.
AUSTIN, TEXAS, JULY 11, 2019 — Infocyte, a pioneer in proactive threat and vulnerability detection and incident response (IR), today released its inaugural Mid-market Threat and Incident Response Report for Q2 2019. The report found that despite sophisticated prevention security tools, small to mid-sized organizations continue to be especially vulnerable to long lasting breaches due to their inability to support the level of IT staffing traditionally required to run a comprehensive detection and response function.
Key findings include:
- Our unique method for measuring threat Dwell Time shows a significant departure from other industry reports; varying greatly by the type of threat found (averages ranging from 43 to 869 days) and a more significant problem for small and mid-sized organizations.
22 percent of small and mid-market organizations’ networks have encountered a Ransomware attack that bypassed their preventive security controls.
- Fileless attacks using memory injection techniques are becoming common — Infocyte’s report concludes the widest study of this technique’s use in production networks.
- A majority of attack detections are being made with generic detectors like machine learning scores, making it more difficult to communicate risk or impact for orgs without the right analysis expertise.
- We find riskware (includes unwanted applications, web trackers, and adware) are pervasive but a correlation exists between organizations that struggle with controlling unwanted apps and low readiness to handle the significant attacks when they do occur.
“There is still a lot of work to be done to improve detection the response readiness of small and mid-market organizations to modern cyber threats,” said Curtis Hutcheson, CEO at Infocyte. “However, armed with the right detection and incident response program including tooling, staffing and empowerment, security teams can close gaps in their defenses, proactively identifying and responding to hidden threats and vulnerabilities before they cause damage.”
Infocyte’s report revealed that dwell time, the time between an attack penetrating a network’s defenses and being discovered, remains a major problem for small and mid-sized organizations. The unique methodology used to measure dwell time also paints a very different picture of how long threats like malware are persisting in these types of organizations.
- The average dwell time for confirmed, persistent malware (not including riskware) for the small and mid-sized organizations we inspected was 798 days, far in excess of the reported dwell times for large enterprises.
- Dwell time for modern attacks that include ransomware (i.e. Ryuk) are much lower: averaging 43 days between infection of the initial trojan (often Trickbot or Emotet) and remediation due to how ransomware informs the victim.
- Nearly three quarters (72 percent) of inspected networks have riskware and unwanted applications in their environment that took longer than 90 days to remove. Although generally lower risk, we find networks that fail to control riskware is an indicator of lower readiness to respond to high-priority threats when they are uncovered.
- Infocyte discovered that the dwell time for riskware was much longer for small and mid-sized organizations, averaging 869 days of dwell time.
“Infocyte’s findings should be a wake-up call for SMBs that are overly confident in their organization’s cybersecurity posture. The reality is that many lack the resources, technology, expertise, and visibility to protect their organizations, let alone their customers’ and partners’ data. The long dwell times reported by Infocyte indicate SMBs are at a higher risk of compromise than their larger enterprise counterparts,” said Aaron Sherrill, Senior Analyst at 451 Research. “While modern cybersecurity threats that evade legacy preventative and detection tools are a growing security gap for SMBs, many are unable to remediate the threats they do know about in a reasonable timeframe.”
The report summarizes the widest study of the use of fileless malware using memory (or code) injection, a stealthy fileless technique used to execute external malicious code inside another whitelisted process. More than 60 percent of injections Infocyte found in critical Microsoft Windows processes were malicious and the most common inject locations for confirmed attacks were the Google Chrome process (31 percent) and the Microsoft Internet Explorer process (15 percent).
The report also uncovered that the rise of machine learning and behavioral categorization is making it harder to characterize threats for organizations without threat and malware analysis expertise. In fact, Infocyte found that 61 percent of all detections of active (non-riskware) malware are made with a generic detection such as a machine learning categorization algorithm or behavioral heuristic, which often requires additional verification to confirm and makes it difficult to measure and communicate risks or impact to the business for IT administrators.
To view the full report, visit: https://www.infocyte.com/resources/mid-market-threat-and-incident-response-report/.
About Infocyte, Inc.
Infocyte is a recognized leader in proactive threat detection and on-demand incident response. The world’s leading security and incident response firms (Check Point, PwC and more) use Infocyte’s platform to proactively detect and respond to vulnerabilities and threats hiding within their customers’ endpoints, data centers and cloud environments. Enterprises with a security operations center (SOC) leverage Infocyte’s platform to maintain compliance, reduce risk and optimize security operations. Small and mid-market organizations with an understaffed security team and fewer technical resources leverage Infocyte as a managed service, delivered through one of our partners, providing enterprise-level detection and response services to the mid-market. For partners, Infocyte represents the fastest path for delivering cost-effective and flexible consulting services and ongoing Managed Detection and Response (MDR) services to their customers via our easy-to-use cloud platform. Infocyte was founded in 2014 and is headquartered in Austin, TX. For more information, visit https://www.infocyte.com/.
Infocyte is an easy path to implement EDR or MDR for mid-size organizations. Learn more from Forrester's Now Tech Report here.
Interested in Sunburst and how to address compromises on your network?
Test out Infocyte's endpoint detection and response platform for free with our community edition: