Infocyte's Mid-market Threat and Incident Response Report (Q2 2019)

Report Overview

During the first half of 2019, we completed over 550,000 forensic inspections across hundreds of customer networks as part of proactive compromise assessments, incident response, and ongoing monitoring. This report summarizes the findings over a 90-day period (Q2) within these organizations, which range from 99 to 5000 employees and up to $1B in revenue.

While ransomware cases continue to be a top concern, we found that small and mid-sized businesses are vulnerable to long-term compromise due to a lack of detection and response capabilities. Infocyte’s Q2 2019 Mid-market Threat and Incident Response Report revealed that dwell time, the time between an attack penetrating a network’s defenses and being discovered and removed, remains a large issue for small and mid-sized organizations.

In addition, our report contains observations and recommendations based on factors found in the cleanest, most well-managed networks we encountered. Download a copy of our Q2 2019 Mid-market Threat and Incident Response Report to discover what we learned.

Report Highlights

  • Dwell Time for malware (non-riskware) averaged over 2 years (798 days) and is a more significant problem for small and mid-sized organizations.
  • 72% of small and mid-sized organizations have multiple low-priority threats or riskware (includes adware, web trackers, dangerous utilities, and unwanted applications) lasting more than 90 days.
  • Average Dwell Time for attacks involving ransomware is much shorter (43 days) because the attack informs the victim. This number is notable for two reasons:
    • The number of ransomware cases continues to climb, bringing average Dwell Time numbers in other industry reports down.
    • It is common to see a multi-day (sometimes multi-week) delay between the initial infection (usually via an Emotet or Trickbot trojan) and the final ransom, which gives defenders time to find the infection via hunting.
  • 22 percent of small and mid-market organizations’ networks have encountered a ransomware attack that bypassed their preventive security controls.
  • Fileless attacks using memory injection techniques are becoming more common; the report includes the most comprehensive stats on the use of these techniques in production networks.

Dwell Time by Threat Type

[Figure: Dwell Time by Threat Type, from the Q2 2019 Mid-market Threat and Incident Response Report]