Key Findings: CrowdStrike Services Cyber Front Lines Report
In December 2020, CrowdStrike released its annual Cyber Front Lines Report, bringing together insights and observations from a dedicated team of cybersecurity professionals working with organisations large and small in over 34 countries.
In the unprecedented year of 2020, where a global pandemic rapidly changed the way we live and work, the task of cybersecurity has become ever more complicated. The report’s unique front-line view gives a greater insight into what cybersecurity experts deal with daily. By looking at the report, not only can we learn how our adversaries have adapted, but we can take advantage of recommendations and pragmatic steps to improve the cybersecurity posture of our organisations.
What Are the Key Findings?
The trends in the CrowdStrike Services report were derived from data points and insights collected from a wide variety of incidents over the past 12 months. Some of the key findings from the report include:
- Attacks are more financially motivated – 63% of CrowdStrike Services cases over the past year were financially motivated, and 81% of those financially-motivated attacks involved the deployment of ransomware or a precursor to ransomware activities.
- Data-leak extortion tactics are more common – in previous years eCrime adversaries seldom exfiltrated data, however in 2020 a widespread adoption of ransomware using data-leak extortion was observed.
- eCrime adversaries are collaborating – CrowdStrike has observed formal collaboration between eCrime adversaries as well as new tactics being used and spread among different eCrime actors.
- Antivirus solutions are often insufficient – of the incidents CrowdStrike responded to in 2020, 40% saw antivirus solutions fail to provide protection with malware being undetected or part of the attack sequence being missed.
- Dwell time remains high – while the average time an adversary has access to a compromised system before detection is down from 95 days in 2019, it remains high at 79 days.
- Intrusions are rarely a one-off event – of the organisations that experienced an intrusion and called upon CrowdStrike to manage their ongoing endpoint protection and remediation efforts, 68% experienced another intrusion attempt within 12 months.
- Threat actors target neglected infrastructure – vulnerabilities were observed in infrastructure slated for retirement that no longer received security configuration updates and regular maintenance, yet still held critical business data and systems.
- Public-facing applications allow access – public-facing applications were used in 30% of investigated cases to gain initial access to an environment as adversaries capitalised on new vulnerabilities.
- State-sponsored adversaries target organisations big and small – CrowdStrike saw organisations ranging from 500 to 50,000+ endpoints across ten industries targeted, with attacks that often compromised cloud infrastructure, were more sophisticated and left smaller footprints.
Recommendations from the Report
As well as delivering key findings and statistics, CrowdStrike’s report offers some recommendations to help organisations mitigate the risks of today’s sophisticated attacks. Some of the key recommendations include:
- Adopting next-generation antivirus solutions – these solutions leverage the cloud for scalability and use modern techniques to identify advanced threats. Moreover, organisations need to ensure any solution provides comprehensive coverage and is properly configured.
- Shifting tactics from response to continuous monitoring – organisations should examine their response times and look for opportunities to lower these metrics.
- Performing the fundamentals of cybersecurity – in a work-from-anywhere landscape, security teams must remain vigilant, and all information security employees should understand their roles and be ready to perform them.
- Focusing on effective identity and device-based access controls – when migrating to cloud-centric architectures, organisations should begin to steer access controls towards a posture of Zero Trust.
- Building a bulletproof backup strategy – to avoid being left without adequate backups, or having backups encrypted during a ransomware attack, organisations should work on strengthening their backup strategy.
- Protecting internet-facing applications – best practices such as multi-factor authentication, keeping applications and operating systems up to date and installing all vendor-released patches are vital.
- Adopting cloud-focused assessment strategies – using traditional methods to assess an organisation’s security posture is insufficient in a cloud environment. Cloud security assessments can help to identify gaps.
- Focusing on the post-incident period – cybersecurity shouldn’t just be about preparation; it should also be about applying lessons learned. By focusing attention more holistically, organisations can drive change.
- Ensuring continuous monitoring and response – by planning for real-time, continuous monitoring and response, rather than reactive emergency intrusion response, investigation and remediation time can reduce drastically.
How to Improve Your Organisation’s Defence
Remote working has redefined the playing field this year, providing a wealth of new attack surfaces for our adversaries to exploit. Holistic coordination and continued vigilance are more important than ever if your organisation is to detect and stop sophisticated intrusions. However, by heeding the observations and recommendations in CrowdStrike’s report, you have an opportunity to make significant improvements in your organisation’s ability to defend against the most common types of cyberattacks.
To learn more, and inform your security strategy for 2021 and beyond, read the report in full here.