Threat hunting isn’t just for the biggest organizations anymore. As the SolarWinds attack demonstrated, any size company can be vulnerable to stealthy attackers who worm their way into the enterprise. Even if a company has no assets of interest to foreign spies, financially motivated cybercriminals can use the same access points and evasion techniques.
According to IBM’s Cost of a Data Breach Report 2020, the average organization takes 315 days to detect and contain a breach caused by a malicious attack. The longer the attackers stay inside your systems, the more money it costs. According to IBM, it costs companies an additional $1.12 million if it takes them more than 200 days to detect a breach.
As a result, more companies are hiring threat hunters, training existing staff on threat hunting techniques, or hiring outside firms to provide threat hunting services. “Threat hunting is absolutely a necessity in modern cyber defense,” says Mark Orlando, co-founder and CEO at Bionic Cyber, who teaches threat hunting for the SANS Institute and previously worked on security issues for the Pentagon, White House, and the Department of Energy.
“When I first started in security operations, threat hunting sounded cool, but it was something that only the most advanced teams did,” Orlando says. “It was optional, but now you have these high profile breaches that would not have been discovered unless you had skilled investigators who know how to hunt for these threats. There’s now an awareness that it’s not optional.”