Many employees assume detection within a week. However, cyber criminals often operate in a corporate network for several weeks.
According to a survey by G Data, more than half of employees in Germany believe that cyber attacks will be detected within a week based on their effects, such as data encryption. In reality, however, criminals often manage to move unnoticed in a corporate network for months.
G Data points out that tangible signs such as encrypted systems and ransom demands are usually only “the visible tip of the iceberg”. By that point, cybercriminals have already left traces, for example in log files. “Often, a cyber attack currently in progress goes unnoticed, even though there are signs of it,” said Andreas Lüning, founder and CEO of G DATA CyberDefense. “One reason for this is the lack of IT security knowledge in IT departments. Log files, for example, are not evaluated at all or only insufficiently, as an IT admin cannot do the work of an analyst.”
The study, conducted together with Statista and Brand Eins, also showed that two out of five companies only keep log files for between one and four weeks. One in five respondents did not know how long log files were stored. Among other things, short retention periods make it difficult to detect suspicious and harmful processes at an early stage.
“Companies are therefore dependent on external service providers and corresponding solutions, such as Managed Endpoint Detection and Response (MEDR), to detect and stop cyber attacks at the smallest signs,” G Data said. “IT specialists can detect anomalies in systems at an early stage by constantly monitoring the IT systems and continuously evaluating log files.”