Network defenders often look at "dwell time" – the time between an adversary gaining access and achieving their objectives – as a key metric in understanding threat and risk. Based on Secureworks direct observations through incident response engagements, the average dwell time for post-intrusion ransomware attacks has remained fairly constant this year compared to last, at four and a half days in 2022 compared to five in 2021.
What that means is that on average an organization has almost a whole working week to detect and contain an intrusion before the lights go out. Understanding how ransomware operators act once inside a network is the key to exploiting this "detection window."
In this session, Director of Threat Research Chris Yule will lead a roundtable discussion looking at how best we can prepare for and defend against the pervasive threat of ransomware.