Key Findings from the Crowdstrike Cyber Intrusion Services Casebook 2017
Crowdstrike, an endpoint security solutions provider who made headlines again this year for its role in the investigation of the DNC data breach, released its annual Cyber Intrusion Services Casebook this morning. The Casebook offers insights for both the year past, one marked by numerous high profile hacks, and the year ahead which may hold even greater threats through statistics, predictions, and case studies from select clients.
Reading through the casebook, we noticed some fascinating findings that revealed just how blurry the lines between endpoint security—Crowdstrike’s main field—and Identity Access and Privileged Access management can be in this continuous war against the unscrupulous thieves banging at our virtual doors. The ideal solution for 2018 will be multi-faceted, adaptable, and capable of securing your data in as many capacities as possible.
With that in mind, here are some select key findings from Crowdstrike’s Casebook:
The Average Attacker Dwell Time is 86 Days
Dwell time refers to the period between the initial compromise and its discovery. Therefore, 86 days is a shocking, anxiety-provoking number—nearly an entire quarter! The longer hackers have unchecked in your server, the more information they can siphon and the more damage they can wreck. Much like any other infection, catching hackers early is the key to protecting proprietary and customer data.
The Majority of Modern Attacks are Malware-Free
Crowdstrike defines “malware-free” as any attack that doesn’t initially download a file or code onto the server disk. In other words, the majority of attacks—66%—don’t look like what traditional anti-malware is designed to detect and block. Instead, the majority of hacks start with stolen login credentials, running codes from memory, or using social engineering techniques.
Cloud Migration Will Prove a Headache
Gartner predicts that the plurality of cloud security failures through 2020—95%—will be due to customer neglect or error. And Crowdstrike predicts that as more companies migrate to the cloud for their information storage and security needs these failures could prove company-wide vulnerabilities, especially with new attack methods designed to spread through entire servers when breached. Once again, compromised credentials will be a key factor in these future hacks.
Hackers are Evolving Their Techniques and Innovating
State-sponsored hackers have become part of the national conversation this year more than at any other time, but the differences between those with government backing and those without are blurring, according to Crowdstrike. Stateless actors are using similar methods such as the malware-less attacks and anti-forensics tools to scrub their presence from the eyes of detection programs. Both are utilizing processes native to the Windows operating systems as doorways into secure networks.
Staying Ahead of the Hackers Will Be Serious Work
The WannaCry attack in particular revealed just how vulnerable critical systems are when they’re not kept up to date nor properly monitored. Poor Identity Access Management techniques and failure to deploy security patches properly could be leaving the door open for data thieves, as Crowdstrike determined in many of its case studies.
Information security in 2018 will be a marathon, not a sprint, so it is best to start warming up now. We’ll need to hit the ground running.
You can download the Crowdstrike Cyber Intrusion Services Casebook 2017 here.