Hong Kong, 18 April 2018 | Asia Pacific companies took almost five times as long as the global median time to detect cyber attacks according to FireEye, Inc., the intelligence-led security company, which today shared findings of its M-Trends® 2018 report on the preparedness of firms to respond to breaches with reporters in Hong Kong.
“Hong Kong companies face targeted cyber attacks by groups of increasing sophistication. Firms here are struggling to meet the threats, and they are not alone. We found that last year Asia Pacific organizations took a median of 498 days to detect intruders inside their networks, which is almost five times the global figure,” said Bryce Boland, Asia Pacific Chief Technology Officer at FireEye.
The M-Trends 2018 report draws upon the insights gleaned from FireEye’s investigations carried out in 2017. FireEye found that attackers were present in Asia Pacific organizations’ networks a median of 498 days before being detected, compared to a median of 101 days globally.
“As a regional hub, much of Hong Kong’s value to the private sector rests in providing a low risk, reliable environment to conduct business, but weak cyber security can quickly undermine this,” said Boland. “Organizations must take steps to improve their cyber security. To effectively manage risk, firms need to go above and beyond compliance with regulations.”
Once a Target, Always a Target
M-Trends 2018 data indicates that Asia Pacific organizations which have been victims of a targeted compromise are more likely to be targeted again. Asia Pacific organizations were twice as likely to have experienced multiple incidents from multiple attackers, compared to organizations in EMEA or North America. More than 91 percent of Asia Pacific organizations which had at least one significant attack attempt were targeted again by the same or a similarly motivated attack group. Of those organizations, 82 percent had multiple attackers identified.
Threat Actors Proliferate
The number of countries with offensive cyber capabilities continues to grow. FireEye tracks more than a thousand uncategorized attackers and only names attacker groups when it has confidence in the groups’ sponsoring nation, target profile, attack motivations, and tactics, techniques and procedures. In 2017, FireEye promoted four previously uncategorized attackers into the category of named advanced persistent threat groups.
Strategies to Manage Cyber Risk
At the briefing, Bryce Boland discussed strategies that organizations can use to manage cyber risk, such as cyber threat intelligence.
“When contending with determined attackers, breaches are inevitable. Because the economic and national security of nations increasingly rely on the security of the private sector, it’s important that companies take a strategic approach to managing the risk they face from cyber attacks. Organizations must learn who is likely to target them, learn the techniques attackers are likely to use, and determine their ability to quickly detect and respond to attacks, so that they can then deploy their security resources accordingly,” Boland continued.
About FireEye, Inc.
FireEye is the intelligence-led security company. Working as a seamless, scalable extension of customer security operations, FireEye offers a single platform that blends innovative security technologies, nation-state grade threat intelligence, and world-renowned Mandiant® consulting. With this approach, FireEye eliminates the complexity and burden of cyber security for organizations struggling to prepare for, prevent, and respond to cyber attacks. FireEye has over 6,600 customers across 67 countries, including more than 45 percent of the Forbes Global 2000.
FireEye, Mandiant and M-Trends are registered trademarks or trademarks of FireEye, Inc. in the United States and other countries. All other brands, products, or service names are or may be trademarks or service marks of their respective owners.