New data suggests that the gangs and toolkits behind current ransomware attacks are materially improving their abilities, resulting in a speeding up of attacks before defenses kick in.
It’s the last thing we want to hear; the threat actors are winning. But, according to Sophos’ 2023 Active Adversary Report for Tech Leaders report – at least when looking at threat actor dwell time – it seems to be the case. Dwell time is that time between when a threat actor first achieves initial access to when they actually carry out their attack.
Last year (according to Sophos) the median for ransomware attacks was just 9 days. Today, it’s just 5.
That’s a 44% improvement where threat actors are able to perform the needed discovery, lateral movement, privilege escalation, etc. needed to attack. The only good news here is that, for non-ransomware attacks, the median dwell time rose from last year’s 11 days to 13 this year.
Regardless of how you look at it, the reality is that single-digit day dwell time is now the assumption. You have just days to determine whether an attacker is on your network until they wreak havoc on your organization.
This is why I’m so passionate about Security Awareness Training as a means to thwart these attacks before the attacker has enough access to start the “dwell time” clock. If users never fall for phishing or social engineering attacks, the ability for the threat actor to gain entrée to your organization’s network is significantly reduced.
