Time is of the essence

According to several studies and experience from actual attacks, many companies have a clear action plan for the procedures to be executed in the event of a cyber-attack. However, benchmarks show that, on average, 45 minutes pass from detection to response. This is nowhere near fast enough, as an attack needs only 10 minutes to paralyze your company. Time is the most crucial factor once your company has been compromised.


During the huge NotPetya attack in the summer of 2017, turning off every computer took more than two hours, and the digital phones at every cubicle had been rendered useless in the emergency network shutdown, with a network “so deeply corrupted that even IT staffers were helpless,” according to Wired’s article on the attack fallout.

During those two hours the attack kept spreading, and that counts only the time after the attack was discovered. While the computers were being turned off, the virus continued to spread, causing damage everywhere.


After the attack is stopped, the aftermath begins. Knowing where the attack is coming from allows many organizations to work out whether they are actively being targeted or are just collateral damage. This is valuable in the recovery exercise, because it allows those in charge of the recovery to direct resources more effectively rather than having to cover all bases.

This is, of course, simpler and less damaging for the company if the attack is stopped as soon as it is detected.