Russian Hackers Go from Foothold to Full-on Breach in 19 Minutes

Created: Tuesday, February 19, 2019 - 15:00

In its just-released global threat report, cybersecurity company CrowdStrike introduced a new metric of hacker sophistication: what it calls “breakout” speed. Analyzing more than 30,000 attempted breaches that the company says it detected across its customer base in 2018, CrowdStrike measured the time from hackers' initial moment of intrusion to when they began to expand their access, jumping to other machines or escalating their privileges within a victim network to gain more visibility and control. The company compared those times among state-sponsored hackers from four different countries, as well as non-state cybercriminals. The results suggest that Russia's hackers were far and away the fastest, expanding their access on average just 18 minutes and 49 seconds from their initial foothold. In CrowdStrike's ranking, North Korea's hackers came next, averaging about two hours longer than the Russians to expand beyond an initial compromised machine. Chinese hackers took about four hours, Iranian hackers took more than five, and profit-focused cybercriminal hackers took nearly 10 hours on average to escalate their privileges or spread their infections across other parts of a victim network. These numbers hint at just how quickly defenders need to move to stop a breach in progress, particularly if they pose a tempting target for the adversary. Read the report at CrowdStrike and an article summarizing its findings at Wired.