In a context marked by the constant rise of cyberattacks, the lack of visibility into IT systems has become one of the main vulnerabilities for organizations. As ESET, a cybersecurity company, warns, many businesses may have already been compromised without knowing it simply because they lack tools that allow them to detect what is happening within their own technological infrastructure.
The company compares this situation to the well-known Schrödinger’s cat experiment, where the state of something cannot be determined until it is observed. In the digital realm, this lack of observation creates what experts describe as a “latent gap,” allowing cybercriminals to move discreetly within corporate networks for extended periods. During this time, attackers prepare the ground to deliver the final blow at the most opportune moment and with the greatest impact.
“When there is no real visibility into systems, an organization cannot know if it has been breached. Attackers exploit this uncertainty to remain hidden amid regular activity until they activate the attack when it can do the most damage,” explains Josep Albors, Director of Research and Awareness at ESET Spain.
When the attack is not random
Unlike the original Schrödinger’s experiment, cyberattacks are not random. ESET notes that threat groups carefully plan the timing of their attacks, choosing key dates to amplify their impact. The so-called dwell time— the period during which attackers remain hidden within systems—has become a critical factor.
According to data cited in the analysis, the global average time to identify and contain a breach exceeds 240 days, and merely detecting its existence can take more than six months. The longer this period, the greater the consequences: data theft, business disruptions, and reputational damages that are difficult to reverse.
More locks don’t always mean more security
Faced with this scenario, many organizations opt to strengthen their perimeter defenses, “putting on bigger locks.” However, ESET warns that this approach is insufficient against threats such as social engineering, credential theft, or internal attacks. If an attacker obtains the “keys,” the strength of the lock becomes irrelevant.
The alternative—creating an in-house Security Operations Center (SOC)—is also out of reach for most companies. Building one requires significant investment, months of deployment, and highly specialized professionals—resources that are scarce in the current job market. Moreover, poor management of these tools can create a false sense of security, especially if overwhelmed by alerts that are hard to analyze.
MDR: watching to reduce impact
Given these limitations, ESET highlights the growth of Managed Detection and Response (MDR) services as a third option. This model enables organizations to have experts continuously monitor systems, proactively detect threats, and respond within minutes—dramatically reducing detection and containment times.
This approach not only helps mitigate persistent attacks and advanced campaigns but also facilitates compliance with regulatory and cyber insurance requirements, which increasingly demand real detection and response capabilities. “Monitoring what happens in your systems is no longer optional. The difference between detecting an attack in minutes or months could determine an organization’s survival,” adds Albors.