News brief: Attackers gain speed in cybersecurity race

Just 15 years ago, the median dwell time of a cyberattack -- the duration an attacker remains within their victim's system, spanning from the initial signs of compromise to the moment of detection -- was 416 days, according to Mandiant. That metric has steadily decreased over the past decade and a half, falling to 11 days in 2024.

Reasons for dwell time decreases are twofold. Enterprise security monitoring, logging and alerting capabilities have become stronger and more effective, while certain attacks -- such as ransomware, in which malicious actors attempt to extort victims rapidly -- are detected much more quickly. Yet these points are countered by overworked or under-skilled security teams and immature incident response plans, as well as by sophisticated advanced persistent threats that use stealth and living-off-the-land techniques to evade detection for long periods.

Cybersecurity is a tale as old as time: As enterprise defenses get stronger, adversaries up the ante ...