AMU Cyber & AI Original

Why Reducing Hackers’ Dwell Time in Your Organization’s Network Is Essential


By Susan Hoffman
Contributor, InCyberDefense

After a hacker penetrates a corporate network, there is often a long period of time before company employees detect the data breach. This gap is known as “dwell time.”

During dwell time, a hacker can cause considerable damage to a corporate network, including:

  • Copying credit card numbers and Social Security numbers
  • Deleting or changing files
  • Stealing funds
  • Getting access to email accounts containing sensitive or proprietary information
  • Planting worms, Trojan horses or viruses
  • Copying information assets
  • Causing denial-of-service (DoS) attacks

What Is the Typical Length of Dwell Time?

A hacker can wreak havoc in a computer network for a very long time before he or she is detected. According to Chase Snyder of IT analytics company ExtraHop, the median dwell time was 99 days in 2017.

However, dwell time also depends on how well a company has protected its computer network and the alertness of internal employees. On the CrowdStrike blog, VP of Product Marketing Dan Larson noted that dwell times for major hacks were much longer than the median dwell time:

  • Home Depot: Five months
  • Michaels: Eight months
  • P.F. Chang’s: 11 months
  • Sony: 12 months
  • U.S. Office of Personnel Management: 12 months

The longer the dwell time, the more damage the hacker does inside the company network. Also, the organization suffers from other problems after it publicly reports the data breach, such as a loss of customers and contracts, negative news coverage, lawsuits and lower share prices.

Minimizing Dwell Time for a Hacker

Basic security measures such as deploying firewalls, training employees in security practices and installing software updates help to deter some hackers. However, it’s critical to take extra precautions: malware, ransomware and other security threats change rapidly, so it is difficult for a company to achieve a 100% secure network.

But there are additional steps that organizations can take to ensure that data breaches are detected more quickly:

  • Schedule daily security scans
  • Use artificial intelligence to detect anomalies and unusual activity more quickly
  • Segregate information assets to make it harder for hackers to reach them

The Use of Distributed Deception

As an additional safeguard for reducing dwell time, Dave Burton of Infosec Island recommends the use of distributed deception in a network environment.

Burton says, “Distributed deception is a technique that employs a variety of lures throughout the environment, including decoy workstations, servers, infrastructure, devices, applications and other elements, to automatically engage any suspicious activity detected. It is a powerful tool for identifying threat actors without them realizing it, allowing [security] teams to instantly distinguish actual attacks from false positives and prioritize incidents based on severity.”
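The deception idea in Burton’s quote, worked through as a small added example (not code from the article or from any deception product): decoy assets are registered with a severity, any access to one is treated as a confirmed detection rather than a possible false positive, alerts are ordered by severity, and dwell time is measured from the first compromise to that first detection. The decoy names, log lines and compromise date are all constructed.

```python
from dataclasses import dataclass
from datetime import datetime

# Constructed decoy inventory (hypothetical names): decoy asset -> severity.
# Nothing legitimate ever has a reason to touch a decoy, so a hit is a
# high-confidence alert rather than a probable false positive.
DECOYS = {
    "fs-decoy-01": "high",           # decoy file server with fake data
    "wks-decoy-07": "medium",        # decoy workstation
    "svc-backup-decoy": "critical",  # decoy privileged service account
}
SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2}

@dataclass
class Event:
    ts: datetime
    user: str
    src_host: str
    target: str

def parse_events(log_text):
    """Parse constructed CSV lines: timestamp,user,source_host,target."""
    events = []
    for line in log_text.strip().splitlines():
        ts, user, src, target = line.split(",")
        events.append(Event(datetime.fromisoformat(ts), user, src, target))
    return events

def decoy_alerts(events):
    """Every event touching a decoy becomes an alert; most severe first,
    ties broken by time so the earliest hit of a given severity leads."""
    hits = [(DECOYS[e.target], e) for e in events if e.target in DECOYS]
    return sorted(hits, key=lambda h: (SEVERITY_RANK[h[0]], h[1].ts))

def dwell_time_days(first_compromise_iso, alerts):
    """Dwell time = first compromise (ISO timestamp) to earliest alert."""
    detected = min(e.ts for _, e in alerts)
    return (detected - datetime.fromisoformat(first_compromise_iso)).days

# Constructed access log: ordinary activity plus an attacker pivoting from
# a compromised workstation (wks-114) into two decoys.
SAMPLE_LOG = """
2017-03-01T08:15:00,jdoe,wks-114,fs-prod-02
2017-03-01T08:17:00,jdoe,wks-114,mail-01
2017-03-04T02:41:00,svc-backup,wks-114,fs-decoy-01
2017-03-04T02:45:00,svc-backup,wks-114,svc-backup-decoy
2017-03-04T09:00:00,asmith,wks-201,fs-prod-02
"""
```

With a hypothetical initial foothold on 10 January 2017, the first decoy hit on 4 March gives a dwell time of 53 days, well under the 99-day median quoted above; the prod-server accesses produce no alerts at all.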

Ideally, companies need to be as proactive as possible when it comes to detecting intrusions. It is essential to hire highly qualified talent and provide additional training to current IT employees to ensure that the corporate network remains as secure as possible.

Susan Hoffman is a Managing Editor at Edge, whose articles have appeared in multiple publications. Susan is known for her expertise in blogging, social media, SEO, and content analytics, and she is also a book reviewer for Military History magazine. She has a B.A. cum laude in English from James Madison University and an undergraduate certificate in electronic commerce from American Public University.
