In the cybersecurity landscape, it is important to know where you stand. Measuring is knowing is a common phrase in this field. With just one precaution, you won't be there. There are many issues that need to be considered. One of the parts you have to think about is detection. In this blog, we'll zoom in on why it's so important.

How long has a hacker been inside?

There are many known cases that a hacker has been able to look around in the system for a long time. This is obviously the best scenario for a hacker. He can quietly look for potentially vulnerable systems or outdated versions of applications. On average, a hacker is six months inside before they strike. So were the hackers who Maastricht University ransomwares had been on the network for several months, and also during the hack at Allekabels.nl the hackers were able to go about their business undisturbed for almost six months.

Another “nice” example comes from America. here reports cybersecurity company Symantec that a state-sponsored hacker group has been sneaking around networks for almost a year. How are the above still possible is a question that is often asked. The answer is simple: companies often think this won't happen to them. They invest too little in time, finances, and knowledge in developing detection options and recognizing suspicious activities.

Insight is key

It is very important to have insight into your internal IT landscape. What's happening? Who has access to what? And aren't we seeing any suspicious activity? The internet-facing part is perhaps even more important. This is where detection can help.

Detection has many forms, from software products to hardware products. This is usually in the form of an IDS and/or an IPS. An IDS, Intrusion Detection System, helps monitor network traffic. This can be done in its entirety or as specific to one part of the network. An IPS, Intrusion Prevention System, actively blocks notable events within the network. Both solutions help increase the visibility of actions performed on the monitored network. It's already too late if you think about “that won't happen to us anyway!” Measuring is knowing and without insight into possible malicious actors in your system, the end is lost.

Detection is key

By quickly identifying the first signs of a hack and acting immediately on it, the follow-up costs of an attack are drastically reduced. As mentioned earlier, a hacker has often been in your network for a long time. Not an ideal situation. A Managed Detection & Response solution gives speed to following up on reports and searching for suspicious activities. Instead of six months that it takes, on average, to detect that a hack has occurred, an MDR service can drastically reduce this to hours, if not shorter.

Detecting and resolving cyber threats quickly is very important. You should be able to say 'yes' firmly to the question what we started this blog with. The less time a cybercriminal has, the more chance the organization has to minimize business impact. We can't say this often enough. If a cyber threat is detected in time, you can continue to focus on the organization's core tasks.

Want to know where to start? Or would you like to discuss this topic with one of our experts? Then take contact with us. We are happy to help you get started without obligation.