Mean Time To Detect (MTTD), also known as Mean Time To Identify (MTTI), is one of the main key performance indicators in Incident Management. MTTD refers to the mean (average) amount of time it takes for the organization to discover or detect an incident. The MTTD formula is shown below:

MTTD formula

A shorter MTTD means that users suffer from IT disruptions for less time than with a longer MTTD. Incident detection can come from people, such as end-users reporting a software outage, or from systems monitoring and management tools. Generally, IT organizations strive to detect an issue before an end-user does, to minimize the disruption it causes, but this is not always possible. The beginning of an issue should be recorded by affected IT equipment and the software programs that run on it. For example, a security intrusion could be tracked to a password entered on the breached system at a specific time. The MTTD KPI can help show if IT monitoring technologies collect sufficient data and cover the probable sources of incidents.
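An added example, not part of the original article: it computes MTTD from incident records using the definition above (the average of detection time minus incident start time), split by detection source so the gap between monitoring tools and end-user reports is visible. The record fields, source labels and sample incidents are constructed assumptions; records with no recorded start, or with detection stamped before the start, are excluded and listed instead of being averaged.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (not real data); field names are assumptions.
INCIDENTS = [
    {"id": "INC-1", "started": "2024-03-01T08:00:00", "detected": "2024-03-01T08:20:00", "source": "monitoring"},
    {"id": "INC-2", "started": "2024-03-04T13:00:00", "detected": "2024-03-04T17:00:00", "source": "end-user"},
    {"id": "INC-3", "started": "2024-03-09T22:10:00", "detected": "2024-03-09T22:50:00", "source": "monitoring"},
    # Start of the issue was never recorded: cannot contribute to MTTD.
    {"id": "INC-4", "started": None, "detected": "2024-03-11T09:00:00", "source": "end-user"},
    # Detection stamped before the start (e.g. clock skew): data-quality problem.
    {"id": "INC-5", "started": "2024-03-15T10:00:00", "detected": "2024-03-15T09:55:00", "source": "monitoring"},
    {"id": "INC-6", "started": "2024-03-20T01:00:00", "detected": "2024-03-20T03:00:00", "source": "end-user"},
]


def time_to_detect(rec):
    """Return detected - started as a timedelta, or None if the record is unusable."""
    if not rec.get("started") or not rec.get("detected"):
        return None
    delta = datetime.fromisoformat(rec["detected"]) - datetime.fromisoformat(rec["started"])
    return delta if delta >= timedelta(0) else None


def mttd_report(incidents):
    """Return ({scope: mean time to detect}, [ids excluded for bad timestamps])."""
    durations = defaultdict(list)
    excluded = []
    for rec in incidents:
        ttd = time_to_detect(rec)
        if ttd is None:
            excluded.append(rec["id"])
            continue
        durations["all"].append(ttd)
        durations[rec["source"]].append(ttd)
    mttd = {scope: sum(vals, timedelta(0)) / len(vals) for scope, vals in durations.items()}
    return mttd, excluded


if __name__ == "__main__":
    mttd, excluded = mttd_report(INCIDENTS)
    for scope, value in sorted(mttd.items()):
        print(f"MTTD ({scope}): {value}")
    print("Excluded (missing or inconsistent timestamps):", excluded)
```

A growing excluded list is itself a signal that monitoring is not recording when issues begin.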

What does this mean for an SMB?

SMBs should strive to have the lowest possible MTTD, and the best way to do this is to have strong cybersecurity measures in place. In order to stay secure, your company needs to take proactive measures to reduce its chances of being compromised by cyberattacks. CyberHoot recommends the following best practices to avoid, prepare for, and prevent damage from these attacks:

  • Adopt two-factor authentication on all critical Internet-accessible services
  • Adopt a password manager for better personal/work password hygiene, to house unique 14+ character passwords for every account
  • Require Governance Policies (WISP, Password, Acceptable Use, Information Handling, Incident Response, and VAMP)
  • Follow a 3-2-1 backup method for all critical and sensitive data
  • Train employees on the cybersecurity skills they need, such as strong password hygiene and how to spot and avoid phishing attacks
  • Test that employees can spot and avoid phishing emails
  • Document and test Business Continuity Disaster Recovery (BCDR) plans
  • Perform a risk assessment every two to three years