Press "Enter" to skip to content

Finding incidents faster, but how do customers feel?

Researchers at cybersecurity company FireEye Mandiant analysed hundreds of cyber incidents and found that the global median dwell time – the duration between the start of a security intrusion and when it’s identified – has dropped to below a month for the first time, standing at 24 days.

According to  the M-Trends 2021 annual threat report , that means incidents are being identified twice as quickly as they were last year when the average dwell time was 56 days – and much more quickly than they were a decade ago, when it often took over a year for organisations to realise that cyber criminals had infiltrated the network.

That’s from ZDNet.  

Then again, there’s more possibly weaknesses.  Now a new set of nine such vulnerabilities are exposing an estimated 100 million devices worldwide, including an array of internet-of-things products and IT management servers.   Dubbed Name:Wreck , the newly disclosed flaws are in four ubiquitous TCP/IP stacks, code that integrates network communication protocols to establish connections between devices and the internet.

So, how about some context.  Malwarebytes has published data about SMB customers.     56% of U.S. businesses with 50 to 999 employees either somewhat or strongly concur that it’s not a matter of if but when they will suffer a successful cyberattack. Yet even so fully 91% of those same organizations say they’re either satisfied or completely satisfied with their endpoint protection solution, and an even greater 95% say they trust their current endpoint protection provider. 

Mark Strassman, chief product officer says “Expectations are low, and I don’t think they need to be.”

Cisco, however, thinks SMBs are outperforming.    That’s what the press release said – although my take on the data says they’re in line with enterprise and midmarket.    Link in the show notes.

Why do we care?

We’re finding things faster, the risk profile is increasing, and customer expectations are low.     Strassman is right in that expectations don’t need to be low.   That said, I think that’s missing the larger lack of trust problem technology has in general.      

Let’s observe that generally customers are going to be inclined to trust their purchased solution because buyers don’t want to be wrong here.   They paid money, and so they believe in the solution.   

Trust is the resource to consider here – make sure you have it and nurture it.