reports that cybercriminals and other threat actors had a median dwell time, or the duration from assumed initial intrusion and intrusion detection, of 21 days last year, which was the lowest since 2014, when median dwell times took 205 days.
However, shorter dwell times have not always correlated with reduced damage, according to a Mandiant's M-Trends report. While median ransomware
dwell times in the Americas and the Europe, Middle East, and Africa region was only four days, 80% of dwell times were found to be over one year and six months. The report also revealed that internally discovered cybersecurity incidents had global median dwell times increase from 12 days in 2020 to 18 days in 2021, suggesting that attack concealment techniques have surpassed detection efforts.
Meanwhile, ransomware attacks dropped by 2% overall, with the Americas reporting a larger decline. Exploits were the most prevalent initial infection vector, followed by supply chain compromises, said Mandiant.