Sophos Report Reveals Alarming Gaps in Cybersecurity Telemetry, Accelerating Threat Response Imperative
Sophos has released its Active Adversary Report, revealing critical insights into cybersecurity threats. The report highlights that telemetry logs were missing in nearly 42% of attack cases analyzed, with cybercriminals disabling or wiping out telemetry in 82% of these instances to conceal their actions.
The lack of telemetry poses challenges in detecting and responding to attacks promptly.
Sophos Report: Active Threats
The report classifies ransomware attacks with a dwell time of five days or less as “fast attacks,” constituting 38% of cases, while “slow” attacks with a dwell time exceeding five days make up 62% of incidents. Effective logging and comprehensive cybersecurity measures are crucial in reducing response times and minimizing damage.
“Time is critical when responding to an active threat; the time between spotting the initial access event and full threat mitigation should be as short as possible. The farther along in the attack chain an attacker makes it, the bigger the headache for responders.
“Missing telemetry only adds time to remediations that most organizations can’t afford. This is why complete and accurate logging is essential, but we’re seeing that, all too frequently, organizations don’t have the data they need,” says John Shier, field CTO, Sophos.