Mean Time To Detect (MTTD), also known as Mean Time To Identify (MTTI), is one of the main key performance indicators in Incident Management. MTTD refers to the mean (average) amount of time it takes for the organization to discover or detect an incident. The MTTD formula is shown below:
A shorter MTTD means that users suffer from IT disruptions for less time than with a longer MTTD. Incident detection can come from people, such as end-users reporting a software outage, or from systems monitoring and management tools. Generally, IT organizations strive to detect an issue before an end-user does, to minimize the disruption it causes, but this is not always possible. The beginning of an issue should be recorded by affected IT equipment and the software programs that run on it. For example, a security intrusion could be tracked to a password entered on the breached system at a specific time. The MTTD KPI can help show if IT monitoring technologies collect sufficient data and cover the probable sources of incidents.
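As an added example (not CyberHoot's own code), MTTD can be computed as the sum of each incident's detection delay divided by the number of incidents, here also split by whether a person or a monitoring tool detected it. The incident records, field layout and function names are constructed for illustration; records with no detection time, or a detection time earlier than the recorded start, are left out of the mean and reported.

```python
from collections import defaultdict
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M"

# Constructed sample records:
# (id, issue start taken from system logs, detection time, detected by)
INCIDENTS = [
    ("INC-1", "2024-03-01 08:00", "2024-03-01 08:20", "monitoring"),
    ("INC-2", "2024-03-04 13:10", "2024-03-04 16:50", "end-user"),
    ("INC-3", "2024-03-09 22:30", "2024-03-10 00:30", "monitoring"),
    ("INC-4", "2024-03-15 09:00", "2024-03-15 08:50", "monitoring"),  # detected before start: bad record
    ("INC-5", "2024-03-20 06:00", None, "end-user"),                  # not detected yet
]


def detection_delay(started, detected):
    """Return detected - started as a timedelta, or None if the record is unusable."""
    if not started or not detected:
        return None
    delay = datetime.strptime(detected, FMT) - datetime.strptime(started, FMT)
    return delay if delay >= timedelta(0) else None


def mean(delays):
    """Arithmetic mean of a non-empty list of timedeltas."""
    return sum(delays, timedelta(0)) / len(delays)


def mttd(incidents):
    """Return (overall MTTD, MTTD per detection source, ids excluded from the mean)."""
    delays, by_source, excluded = [], defaultdict(list), []
    for inc_id, started, detected, source in incidents:
        delay = detection_delay(started, detected)
        if delay is None:
            excluded.append(inc_id)  # would skew the mean, so report it instead
            continue
        delays.append(delay)
        by_source[source].append(delay)
    overall = mean(delays) if delays else None
    return overall, {s: mean(d) for s, d in by_source.items()}, excluded


if __name__ == "__main__":
    overall, per_source, excluded = mttd(INCIDENTS)
    print("MTTD overall:", overall)
    for source, value in per_source.items():
        print(f"MTTD ({source}):", value)
    print("Excluded from the mean:", excluded)
```

A large gap between the monitoring and end-user figures, or many excluded records, points at the coverage and data-collection questions the paragraph above raises.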
What does this mean for an SMB?
SMBs should strive to have the lowest possible MTTD; the best way to do this is to have strong cybersecurity measures in place. In order to stay secure, your company needs to take proactive measures to reduce its chances of being compromised by cyberattacks. CyberHoot recommends the following best practices to avoid, prepare for, and prevent damage from these attacks:
- Adopt two-factor authentication on all critical Internet-accessible services
- Adopt a password manager for better personal/work password hygiene, to house unique 14+ character passwords for every account
- Require Governance Policies (WISP, Password, Acceptable Use, Information Handling, Incident Response, and VAMP)
- Follow a 3-2-1 backup method for all critical and sensitive data
- Train employees on cybersecurity skills they need such as strong password hygiene and how to spot and avoid phishing attacks
- Test that employees can spot and avoid phishing emails
- Document and test Business Continuity Disaster Recovery (BCDR) plans
- Perform a risk assessment every two to three years