By Susan Hoffman
After a hacker penetrates a corporate network, there is often a long period of time before company employees detect the data breach. This gap is known as “dwell time.”
During dwell time, a hacker can cause considerable damage to a corporate network, including:
- Copying credit card numbers and Social Security numbers
- Deleting or changing files
- Stealing funds
- Getting access to email accounts containing sensitive or proprietary information
- Planting worms, Trojan horses or viruses
- Copying information assets
- Causing denial of service (DoS) attacks
What Is the Typical Length of Dwell Time?
A hacker can wreak havoc in a computer network for a very long time before he or she is detected. According to Chase Snyder of IT analytics company ExtraHop, the median dwell time was 99 days in 2017.
However, dwell time also depends on how well a company has protected its computer network and the alertness of internal employees. On the CrowdStrike blog, VP of Product Marketing Dan Larson noted that dwell times for major hacks were much longer than the median dwell time:
- Home Depot: Five months
- Michaels: Eight months
- P.F. Chang’s: 11 months
- Sony: 12 months
- U.S. Office of Personnel Management: 12 months
The longer the dwell time, the more damage the hacker does inside the company network. Also, the organization suffers from other problems after it publicly reports the data breach, such as a loss of customers and contracts, negative news coverage, lawsuits and lower share prices.
Minimizing Dwell Time for a Hacker
Basic security measures such as deploying firewalls, training employees in security practices and installing software updates help to deter some hackers. However, it’s critical to take extra security precautions. Malware, ransomware and other security threats change rapidly, so it is difficult for a company to achieve a 100% secure network.
But there are additional steps that organizations can take to ensure that data breaches are detected more quickly:
- Schedule daily security scans
- Use artificial intelligence to detect anomalies and unusual activity more quickly
- Segregate information assets to make it harder for hackers to reach them
The Use of Distributed Deception
As an additional safeguard for reducing dwell time, Dave Burton of Infosec Island recommends the use of distributed deception in a network environment.
Burton says, “Distributed deception is a technique that employs a variety of lures throughout the environment, including decoy workstations, servers, infrastructure, devices, applications and other elements, to automatically engage any suspicious activity detected. It is a powerful tool for identifying threat actors without them realizing it, allowing [security] teams to instantly distinguish actual attacks from false positives and prioritize incidents based on severity.”
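As an added illustration (not code from the original article or from Infosec Island), the following Python sketch shows why lure access is such a clean signal and how it shortens dwell time: the decoy host and account names, the log format and the sample log lines are all constructed, and dwell time is measured from an assumed initial compromise to the first decoy alert.

```python
import re
from datetime import datetime

# Constructed decoy inventory: these hosts and this account exist only as lures.
# No legitimate workflow touches them, so any interaction is a high-confidence signal.
DECOY_HOSTS = {"fin-backup-02", "hr-archive-01"}
DECOY_ACCOUNTS = {"svc_backup_admin"}

# Hypothetical log format: "<iso-timestamp> <src> -> <dst> user=<name> <event>"
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) -> (?P<dst>\S+) user=(?P<user>\S+) (?P<event>\S+)$")

# Constructed sample log; the foothold on ws-17 is the assumed initial compromise.
INITIAL_COMPROMISE = datetime(2017, 3, 1, 9, 0)
SAMPLE_LOG = [
    "2017-03-01T09:00:00 mail-gw -> ws-17 user=jdoe login",
    "2017-03-01T10:30:00 ws-17 -> fin-db-01 user=jdoe query",  # real host: no alert
    "2017-03-02T15:00:00 ws-17 -> hr-archive-01 user=jdoe smb_connect",  # decoy host
    "2017-03-03T02:15:00 ws-17 -> fin-backup-02 user=svc_backup_admin login",  # decoy account
    "malformed line that the detector must skip rather than crash on",
]

def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match the format."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    return ev

def severity(ev):
    """Use of a decoy credential outranks a bare connection to a decoy host."""
    if ev["user"] in DECOY_ACCOUNTS:
        return "critical"
    return "high" if ev["dst"] in DECOY_HOSTS else None

def decoy_alerts(lines):
    """Return (severity, event) pairs for every event that touches a lure."""
    events = filter(None, (parse_line(line) for line in lines))
    return [(sev, ev) for ev in events if (sev := severity(ev)) is not None]

def dwell_hours(lines, compromise=INITIAL_COMPROMISE):
    """Hours from initial compromise to the first decoy alert; None if nothing tripped."""
    alerts = decoy_alerts(lines)
    if not alerts:
        return None
    return (min(ev["ts"] for _, ev in alerts) - compromise).total_seconds() / 3600
```

On the constructed log the first lure is tripped 30 hours after the foothold, against the 99-day median quoted above; the real host access in the same log raises nothing, which is the false-positive separation Burton describes.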
Ideally, companies need to be as proactive as possible when it comes to detecting intrusions. It is essential to hire highly qualified talent and provide additional training to current IT employees to ensure that the corporate network remains as secure as possible.