FIREEYE, INC. the intelligence-led security company, Thursday announced the release of its annual M-Trends report, which found that attackers were present in EMEA organizations’ networks a median of 175 days before being detected in 2017.

This is an increase of almost 40 percent from the same measurement the year before which stood at 106 days. The report is based on information gathered during investigations conducted by FireEye’s security analysts in 2017 and uncovers emerging trends and tactics that threat actors used to compromise organizations.

The key findings include:

• Dwell time of attackers in EMEA organizations was 175 days — The median dwell time (the duration a threat actor has in an organization’s environment before they are detected) stood at 175 days. The median dwell time globally is 101 days, so EMEA organizations were 2.5 months slower to respond than the global median. However, progress appears to have been made with organizations discovering breaches internally, rather than being notified by law enforcement or another outside source. EMEA median dwell time for internal detection was 24.5 days, down from 83 days in last year’s report. The global statistic for internal detection is 57.5 days.

• Finance sector still the most targeted — In 2017, 24 percent of Mandiant investigations in EMEA involved organizations from the finance sector. This made finance the most targeted sector ahead of government, which represented 18 percent. Business and professional services was the third most targeted sector, involved in 12 percent of investigations.

• Once a target, always a target — FireEye data provides evidence that organizations which have been victims of a targeted compromise are likely to be targeted again. Global data from the past 19 months found that 56 percent of all FireEye managed detection and response customers who came out of Mandiant incident response support were targeted again by the same or a similarly motivated attack group.

Findings also show that at least 49 percent of customers that had experienced at least one significant attack were successfully attacked again within the next year. In EMEA specifically, 40 percent of customers who had been affected by a serious breach had multiple significant attacks from multiple groups throughout the year.

• Cybersecurity skills gap, ‘the invisible risk’ — The demand for skilled cyber security personnel is continuing to rapidly outpace supply, adding to the existing skills shortage. Industry research data by the National Initiative for Cybersecurity Education (NICE), and insights gained through FireEye engagements throughout 2017, point to the deficit getting worse over the next five years. These findings show that the main areas affected by the skills gap are visibility & detection and incident response. In both of these disciplines, a lack of expertise is causing a potentially costly delay in dealing with malicious activity.

Stuart McKenzie, vice president of Mandiant at FireEye, said, “It’s disappointing to see median dwell times increasing significantly in EMEA organizations, particularly with the GDPR deadline just around the corner.”

“However, on the positive side, we’ve seen a growing number of historic threats uncovered this year that have been active for several hundred days. Detecting these long-lasting attacks is obviously a positive development, but it increases the dwell time statistic,” he added.

FireEye, a intelligence-led security company, works as a seamless, scalable extension of customer security operations. It offers a single platform that blends innovative security technologies, nation-state grade threat intelligence, and world-renowned Mandiant consulting.

With this approach, FireEye eliminates the complexity and burden of cyber security for organizations struggling to prepare for, prevent, and respond to cyber attacks. FireEye has over 6,600 customers across 67 countries, including more than 45 percent of the Forbes Global 2000. — SG