Mean time to detection (MTTD), also known as mean time to identification (MTTI), is one of the main key performance indicators of incident management. MTTD is the average (mean) time it takes for the organization to discover or detect an incident. The MTTD formula is shown below:
A shorter MTTD means that users suffer from IT disturbances for a shorter period of time than with a longer MTTD. Incident detection can come from people, such as end users reporting a software failure, or from systems monitoring and management tools. Typically, IT departments try to find a problem before the end user does, to minimize the disruption it causes, but this is not always possible. The onset of a problem should be recorded by the affected computer equipment and the software programs running on it. For example, a security breach could be traced to a password entered on the breached system at a specific time. The MTTD KPI can help show whether IT monitoring technologies are collecting enough data and covering likely sources of incidents.
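As an added example (not part of the original article), the code below computes MTTD as the mean of detection time minus onset time and splits it by detection source, so a gap between tool-detected and user-reported incidents becomes visible. The incident records, the field names and the `mttd_report` helper are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample incident records (not real data). "onset" is when the
# affected system first logged the problem, "detected" is when the
# organization became aware of it, "source" is who or what detected it.
INCIDENTS = [
    {"id": "INC-1", "onset": "2024-03-01T08:00:00", "detected": "2024-03-01T08:20:00", "source": "monitoring"},
    {"id": "INC-2", "onset": "2024-03-04T22:15:00", "detected": "2024-03-05T09:15:00", "source": "end_user"},
    {"id": "INC-3", "onset": "2024-03-09T13:00:00", "detected": "2024-03-09T13:40:00", "source": "monitoring"},
    {"id": "INC-4", "onset": None, "detected": "2024-03-12T10:00:00", "source": "end_user"},
    {"id": "INC-5", "onset": "2024-03-15T06:00:00", "detected": "2024-03-15T05:50:00", "source": "monitoring"},
    {"id": "INC-6", "onset": "2024-03-20T01:00:00", "detected": "2024-03-20T14:00:00", "source": "end_user"},
]


def _mean(delays):
    """Arithmetic mean of a list of timedeltas, or None if the list is empty."""
    return sum(delays, timedelta(0)) / len(delays) if delays else None


def mttd_report(incidents):
    """Return (overall MTTD, MTTD per source, ids excluded from the mean)."""
    delays = defaultdict(list)
    excluded = []
    for inc in incidents:
        if not inc["onset"] or not inc["detected"]:
            excluded.append(inc["id"])  # onset never recorded: delay is unmeasurable
            continue
        delay = datetime.fromisoformat(inc["detected"]) - datetime.fromisoformat(inc["onset"])
        if delay < timedelta(0):
            excluded.append(inc["id"])  # detected "before" onset: clock skew or bad entry
            continue
        delays[inc["source"]].append(delay)
    all_delays = [d for per_source in delays.values() for d in per_source]
    return _mean(all_delays), {s: _mean(d) for s, d in delays.items()}, excluded


if __name__ == "__main__":
    overall, by_source, excluded = mttd_report(INCIDENTS)
    print("Overall MTTD:", overall)
    for source, value in sorted(by_source.items()):
        print(f"  {source}: {value}")
    print("Excluded (no usable onset/detection time):", excluded)
```

Excluded incidents are worth reviewing on their own: an incident with no recorded onset means the affected system was not logging enough to measure detection delay at all.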
What does this mean for an SME?
SMEs should strive to keep MTTD as low as possible; the best way to achieve this is to have strong cybersecurity measures in place. To stay secure, your business must take proactive steps to reduce its risk of being compromised by cyber attacks. CyberHoot recommends the following best practices to avoid, prepare for, and prevent damage from these attacks:
- Adopt two-factor authentication on all critical services accessible on the Internet
- Adopt a password manager for better hygiene of personal and professional passwords, storing a unique password longer than 14 characters for each account
- Require governance policies (WISP, password, acceptable use, information handling, incident response and VAMP)
- Follow a 3-2-1 backup method for all critical and sensitive data
- Train employees in the cybersecurity skills they need, such as good password hygiene and how to spot and avoid phishing attacks
- Test whether employees can spot and avoid phishing emails
- Document and test disaster recovery plans (BCDR)
- Perform a risk assessment every two to three years