Cyber attacks happen so frequently that one goal of the computer security incident response team (CSIRT) is to reconstruct attacks, where possible, in order to mitigate future ones. Most organizations are unaware of a cyber attack until data has already been stolen from them. The average dwell time before an organization discovers a cyber attack is 146 days. Dwell time, or breach detection gap (BDG), is defined as the time elapsed between an attacker's initial breach of the network and the victim's discovery of that breach.

Not all breaches are criminal by design. Hacktivists (hack-activists) are individuals concerned with the advancement of human rights and free speech. The term hacktivism emerged in the late 1980s, when a shuttle launch carrying radioactive plutonium by the US Department of Energy and the National Aeronautics and Space Administration was protested.

Why is the detection gap so large? According to the SANS Incident Response Survey, there is a shortage of skilled professionals with the necessary experience, training, and certifications.
Bromiley, Matt. “Incident Response Capabilities in 2016: The 2016 SANS Incident Response Survey.” June 2016, https://www.sans.org/reading-room/whitepapers/incident/incident-response-capabilities-2016-2016-incident-response-survey-37047. Accessed 26 February 2017.
Denning, Dorothy. “The Rise of Hacktivism.” Georgetown Journal of International Affairs, 08 September 2015, http://journal.georgetown.edu/the-rise-of-hacktivism/. Accessed 26 February 2017.
Gerritz, Chris. “Breach Detection by the Numbers: Days, Weeks, or Years?” 27 July 2016, https://www.infocyte.com/blog/2016/7/26/how-many-days-does-it-take-to-discover-a-breach-the-answer-may-shock-you. Accessed 26 February 2017.