APAC unprepared for security breaches: FireEye's Mandiant

Cyberforensics firm Mandiant has reported that APAC organisations are frequently unprepared to identify and respond to breaches, with a median response time 374 days longer than the global median.
Written by Asha Barbaschow, Contributor

Mandiant, a FireEye company, said it had responded to a number of high profile breaches in 2015, finding that organisations in the Asia-Pacific region were frequently unprepared to identify and respond to such events in a timely manner.

In its latest report, Mandiant M-Trends Asia Pacific, the cyberforensics firm found that organisations across APAC allowed attackers to dwell in their environments for a median period of 520 days before discovering them -- three times the global median of 146 days.

"In 2015, we continued to see heightened levels of cyber threat activity across APAC," the report says. "We surmise that this is likely fuelled by regional geopolitical tensions, relatively immature network defences and response capabilities, and a rich source of financial data, intellectual property, and military and state secrets."

Mandiant said APAC organisations cannot defend their networks from attackers because they frequently lack basic response processes and plans, threat intelligence, technology, and expertise.

The security vendor reminded organisations in the region that cyber threats are not an explicitly US problem and that APAC organisations should focus on enhancing their overall security posture.

"Existing security controls and capabilities in organisations across APAC are not up to the challenge of detecting and responding to advanced threat actors," Mandiant said.

The report found that APAC was almost exclusively targeted by some attacker tools, with one suspected Chinese threat group, APT30, targeting highly sensitive political, economic, and military information for at least a decade.

Mandiant said that during its investigations, it found that most organisations depended only on antivirus software to detect malicious persistence mechanisms.

"Antivirus software is a signature-based technology that cannot detect every malicious event across an entire estate," the company said.

"A number of commercially available tools can monitor persistence mechanisms; however, we often found that APAC organisations had not reached the security maturity to introduce this kind of technology."

As a result, Mandiant said the deployment of tools to monitor persistence mechanisms was not prioritised.

"Unfortunately being unprepared for a breach is business as usual in Asia Pacific, and the region's governments and boards need to address this further," Rob van der Ende, vice president for Mandiant Consulting, Asia Pacific and Japan at FireEye, said.

"To significantly improve, organisations must bring together the technology, threat intelligence, and expertise necessary to quickly detect and respond to cyber attacks."

Van der Ende said that firms can benefit by embracing modern response techniques rather than legacy approaches, which often fail to find the attacker's needle in the proverbial haystack.
