This blog was written and produced by Betul Yilmaz CCSFP, FoxPointe Solutions.
CrowdStrike, an industry-leading provider of next-generation anti-virus delivered as a software-as-a-service (SaaS) solution, recently published a report of its observations from the incident response investigations it conducted during 2019. The report draws on numerous investigations, pulling in data from a variety of countries and sectors. In addition to sharing its findings, CrowdStrike also made recommendations that, frankly, we could all benefit from.
If you don’t fancy reading all 34 pages of the report, here are the top five highlights, from our perspective:
- Organizations are becoming more self-sufficient: they are getting better at detecting and responding to breaches without external support. There was an 11% improvement in this area compared to 2017.
- The average number of days it took organizations to detect a compromise was 95 days, which is 10 days more than the average for 2018.
- The top three impacts that attacks in 2019 had were business disruption, data theft, and monetary loss.
- The top three methods that attackers used to gain initial access were spear-phishing, web attacks, and compromised credentials.
- Fifty-one percent (51%) of the attacks included in the report relied on malware-free techniques. Malware-free or “file-less” attacks use otherwise harmless applications or components that are already installed on the victim’s system as the gateway for gaining entrance, rather than the attacker deploying malware of their own. Because the activity hides behind legitimate, trusted software, it is very difficult for anti-virus/anti-malware tools to detect the intrusion.
CrowdStrike’s recommendations included the following:
- As a best practice for detecting attacks in a timely and efficient manner, try adopting the “1-10-60” rule: one (1) minute to detect an attack, 10 minutes to investigate it, and 60 minutes to complete remediation activities. This can be challenging for smaller organizations that may not have sufficient technical and staffing resources, but it is an essential method that CrowdStrike swears by.
- Keep C-levels and your Board in the loop. Having them aware and involved will encourage the continuous improvement of your organization’s stance on security.
- A simple and effective tool that we all know and love: multifactor authentication (MFA). MFA is a tool that will never get old, and CrowdStrike recommends it on all public-facing services and portals.
- Anti-virus/anti-malware should be an obvious one, right? CrowdStrike suggests opting for solutions with machine learning capabilities, so that the tool learns what normal looks like on your systems and detects deviations from it more efficiently.
- A SIEM can be an invaluable tool when it comes to leveling up your security program. Although some initial work is required to fine-tune it and configure the right detection criteria, a SIEM is especially handy for log analysis and the investigation of incidents.
Even though the statistics and factors change year after year, we keep seeing reports like this one trying to open our eyes to the corrupt ways in which criminals threaten businesses of all sectors, and even our personal lives. Make sure that you’re doing enough to stay ahead of the game.
CrowdStrike’s full report can be found here.