We have stated in the past that cyber criminals often will be in the company network for months before pulling the trigger. Now this article backs this up.
Ransomware Attackers May Lurk for Months, FBI Warns
This also means that restoring from backups in the event of a ransom attack restores their access as well.
The angle my mind takes when I read this is that you need to have DETECTION in place to find them before they do damage. This is what a SIEM and an integrity monitoring tool are designed to do.
The other angle is that without DETECTION, they may sit and harvest data for years and sell it on the black market. I can’t tell you how many times I have read articles about companies being breached for many months or years before finding it. The recent Wawa breach is an example. Credit cards were being skimmed from the corporate systems and POS for 9 months before being detected.
Director of Security Services
Mainstream Technologies Inc.