Key Findings: CrowdStrike Services Cyber Front Lines Report
In December 2020, CrowdStrike released its annual Cyber Front Lines Report, bringing together insights and observations from a dedicated team of cybersecurity professionals working with organisations large and small in over 34 countries.
In the unprecedented year of 2020, when a global pandemic rapidly changed the way we live and work, the task of cybersecurity became ever more complicated. The report’s unique front-line view gives greater insight into what cybersecurity experts deal with daily. By looking at the report, not only can we learn how our adversaries have adapted, but we can also take advantage of its recommendations and pragmatic steps to improve the cybersecurity posture of our organisations.
What Are the Key Findings?
The trends in the CrowdStrike Services report were derived from data points and insights collected from a wide variety of incidents over the past 12 months. Some of the key findings from the report include:
- Attacks are more financially motivated – 63% of CrowdStrike Services cases over the past year were financially motivated, and 81% of those financially-motivated attacks involved the deployment of ransomware or a precursor to ransomware activities.
- Data-leak extortion tactics are more common – in previous years eCrime adversaries seldom exfiltrated data; however, in 2020 widespread adoption of ransomware combined with data-leak extortion was observed.
- eCrime adversaries are collaborating – CrowdStrike has observed formal collaboration between eCrime adversaries as well as new tactics being used and spread among different eCrime actors.
- Antivirus solutions are often insufficient – of the incidents CrowdStrike responded to in 2020, 40% saw antivirus solutions fail to provide protection, with malware going undetected or part of the attack sequence being missed.
- Dwell time remains high – while the average time an adversary has access to a compromised system before detection is down from 95 days in 2019, it remains high at 79 days.
- Intrusions are rarely a one-off event – of the organisations that experienced an intrusion and called upon CrowdStrike to manage their ongoing endpoint protection and remediation efforts, 68% experienced another intrusion attempt within 12 months.
- Threat actors target neglected infrastructure – a vulnerability was observed in infrastructure slated for retirement, which no longer received security configuration updates and regular maintenance but still contained critical business data and systems.
- Public-facing applications allow access – public-facing applications were used in 30% of investigated cases to gain initial access to an environment as adversaries capitalised on new vulnerabilities.
- State-sponsored adversaries target organisations big and small – CrowdStrike saw organisations ranging from 500 to 50,000+ endpoints across ten industries targeted, with attacks often compromising cloud infrastructure, being more sophisticated and leaving smaller footprints.
Recommendations from the Report
As well as delivering key findings and statistics, CrowdStrike’s report offers some recommendations to help organisations mitigate the risks of today’s sophisticated attacks. Some of the key recommendations include:
- Adopting next-generation antivirus solutions – these solutions leverage the cloud for scalability and use modern techniques to identify advanced threats. Moreover, organisations need to ensure any solution provides comprehensive coverage and is properly configured.
- Shifting tactics from response to continuous monitoring – organisations should examine their response times and look for opportunities to lower these metrics.
- Performing the fundamentals of cybersecurity – in a work-from-anywhere landscape, security teams must remain vigilant, and all information security employees should understand their roles and be ready to perform them.
- Focusing on effective identity and device-based access controls – when migrating to cloud-centric architectures, organisations should begin to steer access controls towards a posture of Zero Trust.
- Building a bulletproof backup strategy – to avoid not having adequate backups or allowing backups to become encrypted during a ransomware attack, organisations should work on strengthening their backup strategy.
- Protecting internet-facing applications – best practices such as multi-factor authentication, keeping applications and operating systems up to date, and installing all vendor-released patches are vital.
- Adopting cloud-focused assessment strategies – using traditional methods to assess an organisation’s security posture is insufficient in a cloud environment. Cloud security assessments can help to identify gaps.
- Focusing on the post-incident period – cybersecurity shouldn’t just be about preparation; it should also be about applying lessons learned. By focusing attention more holistically, organisations can drive change.
- Ensuring continuous monitoring and response – by planning for real-time, continuous monitoring and response, rather than reactive emergency intrusion response, investigation and remediation time can reduce drastically.
How to Improve Your Organisation’s Defence
Remote working has redefined the playing field this year, providing a wealth of new attack surfaces for our adversaries to exploit. Holistic coordination and continued vigilance are more important than ever if your organisation is to detect and stop sophisticated intrusions. However, by heeding the observations and recommendations in CrowdStrike’s report, you have an opportunity to make significant improvements in your organisation’s ability to defend against the most common types of cyberattacks.
To learn more, and inform your security strategy for 2021 and beyond, read the report in full here.