Most Victim Organizations Suffer Second Intrusion Within a Year
Security experts have warned victims of sophisticated cyber-attacks not to think of intrusions as a one-off event, as a majority of organizations end up getting hit again within the year.
CrowdStrike compiled an analysis of its own incident response and managed services engagements in 2020, to produce the CrowdStrike Services Cyber Front Lines Report.
It warned that in 68% of cases where an organization had experienced an intrusion, it is targeted again within 12 months. This makes the case for continuous monitoring and response, although too many organizations still believe they can get back to business-as-usual following an intrusion, the report argued.
Another oversight related to anti-malware and endpoint detection and response (EDR) tools, which CrowdStrike claimed were either not fully deployed, not supported on the operating system or improperly configured in 30% of cases.
This may have led to the fact that these tools failed to provide adequate defense against increasingly sophisticated eCrime tactics in 40% of cases.
“It emphasizes the need to not just buy a security product, but actually invest in ensuring comprehensive coverage in your environment and proper configuration, tuning and integrating it into your security operations program to mitigate even the most sophisticated attacks,” the report argued.
When it comes to financially motivated cybercrime, the vast majority of incidents tracked by the vendor (81%) related to ransomware. The remaining 19% were split between point-of-sale intrusions, e-commerce website attacks, business email compromise (BEC) and cryptocurrency mining.
However, although the attacks often garner most headlines, state-sponsored activity remained a serious threat across a wide range of sectors, according to the report.
CrowdStrike CSO and President, Shawn Henry, argued that remote work has helped to provide new attack surfaces and vectors for attackers to exploit in 2020.
“Holistic coordination and continued vigilance are key in detecting and stopping sophisticated intrusions; because of this, we’re seeing a necessary shift from one-off emergency engagements to continuous monitoring and response,” he added.
“This will better enable incident response teams to help customers drastically reduce the average time to detect, investigate and remediate from 162 hours to less than 60 minutes.”