Threat Research

M-Trends 2014 Threat Report Revealed

Drum roll please...the fifth installment of Mandiant's annual threat report, M-Trends has arrived! You can download the latest report, "M-Trends: Beyond the Breach", here.

During the course of the month, we'll be diving into M-Trends and offering our readers insight into each of the trends. But before we do, I want to give you a sneak peak at some interesting points from the report.

More than ever, cybersecurity is top of mind. Over the course of the past year we saw President Obama make cyber threats a main speaking point during his annual State of the Union address, media organizations publish stories on their own breaches, and an increased willingness of victim organizations and policymakers to speak more openly about their own breaches. Responding to incidents in more than 30 industry sectors, as an organization we continue to see that breaches are inevitable.

While we discovered that organizations are finding breaches more quickly than in previous years (229 vs. 243 days), there is still a lot of work to be done. Because of the sophistication and sheer number of breaches, we found attackers have spent an average of two-thirds of a year within networks before organizations identify the threat. That leaves a large window of opportunity for attackers to mine networks for valuable data such as proprietary and personally identifiable information.

What are attackers' motives? It is hard to pin point one. We found that each attacker has their own motives, approaches, and skill levels. Some are financially motivated, well-funded, and highly sophisticated at leveraging advanced persistent threat techniques. While in other cases, motives are political or disruptive and use less advanced approaches.

Stay tuned to M-Unition for perspectives on the report specifically for CISOs and practitioners.