CrowdStrike, a Sunnyvale, California-based security vendor, has released its annual Cyber Front Lines Report, which provides an in-depth look into how adversaries are adapting to today’s security realities and offers recommendations for cybersecurity improvement.
The report suggests that intrusions are no longer a one-time event. The research team reported that, 68% of the time, organizations that experienced an intrusion went on to face another intrusion attempt.
In at least 30% of incident response engagements, CrowdStrike observed the organization’s antivirus solutions were either incorrectly configured with weak prevention settings or not fully deployed across the environment, which may have been a factor in the threat actor gaining and maintaining access. Antivirus solutions failed to provide protection in 40% of the incidents.
The company also observed significant increases in attackers targeting public-facing applications and services in 2020. This year brought a staggering increase in volume and velocity of financially motivated attacks. Of these financially motivated attacks, 81% involved the deployment of ransomware or a precursor to ransomware activities, while only 19% included eCrime attacks such as point-of-sale intrusions, ecommerce website attacks, business email compromise and cryptocurrency mining.
“Corporate networks now span both office and home, providing a wealth of new attack surfaces and vectors that adversaries can exploit,” said Shawn Henry, chief security officer and president of CrowdStrike Services at CrowdStrike. “Holistic coordination and continued vigilance are key in detecting and stopping sophisticated intrusions. Because of this, we’re seeing a necessary shift from one-off emergency engagements to continuous monitoring and response. This will better enable incident response teams to help customers drastically reduce the average time to detect, investigate and remediate from 162 hours to less than 60 minutes.”
The CrowdStrike Services Cyber Front Lines Report reflects data derived from CrowdStrike Services incident response, managed services and proactive services engagements over 2020. The engagements spanned 15 industry sectors and 34 countries, with organizations varying in size from large global organizations to regionally focused small/mid-sized businesses (SMBs).
The report reveals the broad-reaching impact remote work has had on cybersecurity, as corporate networks around the world were turned inside out to accommodate remote workers. This, in turn, had dramatic effects on how attackers targeted organizations and how defenders reacted, especially with the accelerated adoption of cloud infrastructure.