MTTD and MTTR: Two Metrics to Improve Your Cybersecurity

Author: maruf.swe
« on: February 23, 2020, 02:20:39 PM »




While there are dozens of metrics available to determine success, there are two key cybersecurity performance indicators every organization should monitor.

For any organization to protect itself from cyberattacks and data breaches, it’s critical to discover and respond to cyber threats as quickly as possible. Shutting the window of vulnerabilities promptly makes the difference between a mild compromise and a catastrophic data breach. Understanding your ability to do so gives your organization a powerful way to determine holes in your defenses and areas where your team needs to improve.

MTTD and MTTR Explained

While there are dozens of metrics available to determine success, here are two key cybersecurity performance indicators every organization should monitor.

    Mean Time to Detect (MTTD): Your MTTD is the average time it takes to discover a security threat or incident.
    Mean Time to Respond (MTTR): Your MTTR measures the average time it takes to control and remediate a threat.

Your MTTD and MTTR depend on a number of factors, including the size and complexity of your network, the size and expertise of your IT staff, your industry, and more. And different companies measure things in different ways. There are no industry-standard approaches to measuring MTTD and MTTR, so granular comparisons between organizations can be problematic apples-vs-oranges affairs.

According to the SANS 2019 Incident Response survey, 52.6% of organizations had an MTTD of less than 24 hours, while 81.4% had an MTTD of 30 days or less.

Once an incident is detected, 67% of organizations report an MTTR of less than 24 hours, with that number increasing to 95.8% when measuring an MTTR of less than 30 days. However, according to the Verizon Data Breach Investigations Report, 56% of breaches took months or longer to discover at all. That’s an incredible amount of time for the bad guys to be inside of your perimeter while preparing to exfiltrate your data.

How to Improve MTTD and MTTR

Measuring and improving MTTD and MTTR is easier said than done. The fact is that many businesses work with IT teams that are stretched thin and often lack cybersecurity expertise. Meanwhile, they face ever-more sophisticated attacks stemming from well-funded criminal networks or malicious nation-state actors. That said, there are a number of things every organization can do to drive down its MTTD and MTTR.

Start with a plan: Create an incident response plan in advance of potential attacks to identify and define stakeholder responsibilities so the entire team knows what to do when an attack occurs. This plan can define your processes and services used to detect these threats. As you get a few incidents under your belt, review your plan to look for areas for improvement that can reduce MTTD and MTTR.

For more details: https://threatpost.com/mttd-and-mttr-two-metrics-to-improve-your-cybersecurity/152149/
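
The MTTD and MTTR definitions above, worked through on incident records. This is an added example, not part of the original post or the linked article. The incident records, field layout and function names are constructed for illustration, and it assumes MTTD runs from the time the compromise occurred to detection and MTTR from detection to resolution. It also reports the median and the "under 24 hours" and "30 days or less" shares used in the survey figures, since one long-undetected incident dominates the mean.

```python
from datetime import datetime
from statistics import mean, median

FMT = "%Y-%m-%d %H:%M"

# Constructed sample data: (id, occurred, detected, resolved).
# resolved=None means the incident is still open and has no response time yet.
INCIDENTS = [
    ("INC-1", "2020-01-02 08:00", "2020-01-02 11:00", "2020-01-02 19:00"),
    ("INC-2", "2020-01-05 00:00", "2020-01-06 12:00", "2020-01-08 12:00"),
    ("INC-3", "2019-11-01 00:00", "2020-01-10 00:00", "2020-01-10 06:00"),
    ("INC-4", "2020-01-15 09:00", "2020-01-15 10:00", None),
]

def hours_between(start, end):
    """Elapsed hours between two timestamps; rejects out-of-order records."""
    delta = datetime.strptime(end, FMT) - datetime.strptime(start, FMT)
    if delta.total_seconds() < 0:
        raise ValueError(f"end {end} precedes start {start}")
    return delta.total_seconds() / 3600

def summarize(durations):
    """Mean, median and threshold shares for a list of durations in hours."""
    if not durations:
        return None  # nothing measurable yet
    n = len(durations)
    return {
        "count": n,
        "mean_h": mean(durations),
        "median_h": median(durations),
        "under_24h": sum(d < 24 for d in durations) / n,
        "within_30d": sum(d <= 24 * 30 for d in durations) / n,
    }

def mttd_mttr(incidents):
    """Compute detection and response statistics; open incidents count only toward MTTD."""
    detect = [hours_between(occ, det) for _, occ, det, _ in incidents]
    respond = [hours_between(det, res) for _, _, det, res in incidents if res is not None]
    still_open = [inc_id for inc_id, _, _, res in incidents if res is None]
    return {"mttd": summarize(detect), "mttr": summarize(respond), "open": still_open}

if __name__ == "__main__":
    for name, stats in mttd_mttr(INCIDENTS).items():
        print(name, stats)
```

On this sample the mean time to detect is 430 hours while the median is 19.5 hours, because a single incident went undetected for 70 days.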