Mandiant: Attackers' Median Dwell Time Drops to 3 Weeks
The median number of days an attacker dwells in a system before detection fell from 24 days in 2020 to 21 days in 2021, according to the M-Trends 2022 report by cybersecurity company Mandiant. The biggest year-on-year decline in median dwell time occurred in the APAC region, where it dropped from 76 days in 2020 to 21 days in 2021.
In a separate report detailed below, Mandiant says that the number of zero-days exploited in the wild hit record highs in 2021. For the EMEA region, the median dwell time dropped from 66 days in 2020 to 48 days in 2021, while for the Americas it remained steady at 17 days, the report says.
Yihao Lim, intelligence strategy lead, APJ, Mandiant, tells Information Security Media Group there are several reasons for the decline in dwell time. "Organizations are now more mature in detecting the threats themselves. Secondly, vendors and third-party organizations are more actively sharing threat observations with victims. Thirdly, there is more information sharing between companies, and governments in APAC are taking cybersecurity more seriously now," he says.