Improving readiness for ransomware
With ransomware behind 81% of financially motivated cyber attacks, CrowdStrike’s Cyber Front Lines Report paints a clear picture of how attackers are adapting to the current reality, and offers concrete steps for improving cyber security readiness.
The CrowdStrike Services Cyber Front Lines Report brings together the insights and observations of dedicated CrowdStrike team members from all corners of the globe, who work tirelessly to help organizations defend against and recover from intrusions every day.
Not only does the report provide a clear picture of how adversaries are adapting to today’s realities, it also includes concrete recommendations that you can implement in your organization today to improve your cybersecurity readiness.
The findings and trends in this report are derived from data points and insights collected from a wide variety of incident response (IR) engagements and proactive services activities over the past 12 months.
Key findings from these metrics include:
The volume and velocity of financially motivated attacks are staggering
Financially motivated attacks represented 63% of CrowdStrike Services cases over the past year, with 81% of financially motivated attacks involving the deployment of ransomware or a precursor to ransomware activities.
Buying technology alone is not enough — configuration, coverage and management matter
In at least 30% of incident response engagements, CrowdStrike observed that the organization’s antivirus solutions were either incorrectly configured with weak prevention settings or not fully deployed across the environment, which may have been a factor in the threat actor gaining and maintaining access.
Intrusions should not be thought of as a one-time event
The Services team looked at organizations that experienced an intrusion and then leveraged CrowdStrike to manage their endpoint protection and remediation efforts moving forward. CrowdStrike identified that 68% of those organizations experienced another intrusion attempt, which was prevented.
Shifting to continuous monitoring and response changes the game
Rather than thinking of intrusion response as a one-off emergency activity, mature organizations plan for real-time, continuous monitoring and response.
CrowdStrike’s Falcon Complete managed service offering reduced the average time to detect, investigate and remediate from a total of 162 hours — nearly seven days — to less than one hour for customers.
Outside counsel is playing a bigger role in the incident response process
Outside counsel retained CrowdStrike to advise its clients in 49% of the incidents investigated in 2020.
In addition to these findings, CrowdStrike’s incident responders identified a number of key themes in 2020. Organizations should be mindful of the following:
Widespread remote work has broad-reaching effects on cybersecurity
Networks around the world were turned inside out as office workers became remote workers, with dramatic effects on how attackers target organizations and how defenders must react.
Ransomware actors have learned new tricks
Not content with just encrypting data for extortion, eCrime actors are increasingly destroying and/or threatening to leak data, as they target ever-larger ransom payments.
Cloud infrastructure requires special attention from defenders
The global pandemic accelerated digital transformation, including cloud adoption, for many organizations, and attackers took advantage of this attack surface.
Defending the cloud requires additional planning and focus beyond traditional on-premises networks.
Weaknesses in public-facing applications and services are increasingly dangerous
CrowdStrike observed significant increases in attackers targeting public-facing applications and services in 2020. Defenders must continue to be vigilant to ensure no exterior gaps exist for an adversary to use as an initial foothold.
State-sponsored adversaries leave smaller footprints
While eCrime actors got most of the headlines in 2020, state-sponsored adversaries remained active across a wide range of sectors. Detecting and stopping these sophisticated intrusions requires a well-coordinated and holistic response.
Organizations focused on driving key security enhancements can stop the next breach
An intrusion can happen to any organization. How you respond and learn from prior incidents can make a significant difference to the impact of the next breach.
Organizations that heed the observations and recommendations in this report will see significant improvements in their ability to defend against many of the common types of attacks.
CrowdStrike is here to help, providing highly skilled cybersecurity professionals who partner with clients, ensuring that the adversaries are defeated and any damage is quickly remediated.