Russian hackers are way ahead of the next-fastest state-sponsored hackers, North Korea's, who are themselves nearly twice as fast as Chinese groups, according to a new report by US cybersecurity firm Crowdstrike.
“Breakout time”: Speed is one of the most important factors within cybersecurity today, according to the company’s CTO, Dmitri Alperovitch, making it a good proxy for operational sophistication and tradecraft. As a result, Crowdstrike decided to create a new measurement it calls “breakout time”—the time it takes for an intruder to get beyond the initial point of entry to reach other systems in the network to steal data. In 2018, average breakout time was 4 hours and 37 minutes. Crowdstrike drew the data from the 30,000 breach attempts it managed to derail across its customer base. (The report didn’t include data on US-sponsored hacks.)
The rankings: The report compared four nation-states—Russia, China, Iran, and North Korea—and organized criminal groups (consolidated into a single category) by breakout time and found the following averages:
- Russia: 18 minutes and 49 seconds
- North Korea: 2 hours and 20 minutes
- China: 4 hours
- Iran: 5 hours and 9 minutes
- Organized criminal groups: 9 hours and 42 minutes
The significance: Cybersecurity will always be an arms race between attackers and defenders. As intrusions get detected and stopped faster than ever, attackers have had to up their game, too. It isn’t a shock to security experts that Russia is at the top of the list, but how far ahead it is speaks volumes about how good its government-sponsored hacking teams are at digital forms of breaking and entering.