Surprise! Cybersecurity Is Improving Rapidly

Organizations are closing the skills gap between hackers and themselves, and in general companies in the Western Hemisphere are getting pretty good at cybersecurity, according to the cybersecurity firm Mandiant. The report contains plenty of alarming material, including sections on the growing Iranian threat, but according to Charles Carmakal, vice president at Mandiant, the most important statistics are those on who first noticed data breaches and how they did it. That matters because who notices hackers makes a big difference in how fast the hackers get caught. Internal detection is getting much faster, so hackers are in systems for less time than they used to be. In the U.S., it’s a threefold difference. Worldwide, the median dwell time (the time hackers can spend in a system without being caught) is only a quarter of what it was in 2011, and for all the high profile coverage of massive, often careless breaches, there’s reason to think defenders are outpacing attackers. Also, based on media coverage, you’d be forgiven for thinking that the majority of unsecured data on the internet was on cloud storage units and online databases. Wrong. A study mapping the internet’s probably-should-be-secured files found that only 7 percent were from leaky Amazon cloud buckets, the system that is frequently misconfigured, allowing anyone password-free access. The rest of the unsecured files are found via a variety of other protocols, including FTP, the network protocol SMB and many backup service systems.