According to CrowdStrike’s 2025 Global Threat Report, the average breakout time, the window between an adversary gaining initial access and pivoting to other systems in your network, has shrunk to just 48 minutes. In less time than a typical meeting, a capable adversary can go from compromising a single device to moving laterally through your corporate environment, gaining privileged access, and preparing to exfiltrate data or deploy ransomware. For a security team, this creates a very small response window.
I recently spoke at CrowdStrike’s annual security conference about this problem and what it means for defenders. The focus of that talk was simple. While security teams need to reduce their own detection and response times, they also need to put controls in place that increase breakout time. I walked through how one particular threat steals credentials, performs reconnaissance, and moves laterally, then identified the controls that would slow them down. The talk was aimed at security engineers and system administrators, but the underlying message applies to leadership as well.
Why Breakout Time Matters
Breakout time is a critical indicator of both attacker capability and defender readiness. Modern threat actors have become faster by refining their methods over years of practice. Ransomware groups maintain playbooks, reuse effective techniques, and train operators to move through each stage of an intrusion with speed and consistency. On the defender side, decreasing breakout times show that organizations lack the preventative controls needed to create friction and keep adversaries from making progress toward their objectives.
...
Excerpted from my new blog, Cybersecurity Oversight.
Read the whole post here: https://cybersecurity-oversight.ghost.io/adversaries-keep-getting-faster/