CrowdStrike has compiled a ‘casebook’ of some of cybersecurity’s important lessons on the subjects of state-sponsored attacks, fileless malware, mean-time-to detect - and the ultimate finding that organisations are getting better at self-detection.
The company’s annual Cyber Intrusion Services Casebook looks at attack tactics, techniques, procedures and the state of breach readiness across various industries.
According to CrowdStrike Services CSO and president Shawn Henry, organisations need to be aware of emerging attack trends and techniques so they can implement best incident response strategies.
With cybersecurity becoming a core business issue, CEOs and business leaders need to improve their ability to anticipate threats, mitigate risks, and prevent damage in the wake of a security-related event,” he explains.
The casebook found that the average time between the first evidence of a compromise and its initial detection was 86 days. The company says that the longer an attacker can ‘dwell’ in an environment, the more opportunity that attacker has to find, exfiltrate and destroy data or operations.
However, organisations are getting better at detecting attacks internally. In 68% of the reviewed cases, the affected organisations were able to internally identify the breach – up from 11% over previous years.
The casebook also suggests that nation-state sponsored attacks and other cybercriminals are starting to merge.
“Both threat groups increasingly leverage similar tactics such as fileless malware and “living off the land” techniques involving processes native to the Windows operating system, including PowerShell and WMI (Windows Management Instrumentation),” the company says.
The casebook found that attack trends towards fileless malware, such as those that execute code from memory, made up 66% of all attacks. This category also includes credential theft for remote logins.
“Based on the CrowdStrike Services team’s extensive experience, this Casebook informs not only security professionals, but also executives, boards of directors and shareholders on how to prepare for and respond to intrusions in a more effective manner,” Henry continues.
CrowdStrike states that organisations must improve their resiliency if they are to protect against sophisticated threat actors.
“Relying on traditional security measures, tools and approaches is no longer effective in the face of modern cyber threats. As attacks continue to become more sophisticated and prolific, organizations must evolve their security strategies to proactively prevent, detect and respond to all attack types, including fileless malware and malware-free attacks," the company states.
In August 2017 CrowdStrike announced expansion into the Asia Pacific market.
“The CrowdStrike Falcon platform delivers to customers maximum protection against modern-day threats, along with best-in-class performance, efficacy, and efficiency,” commented CrowdStrike APAC vice president Andrew Littleproud.
“This powerful combination has allowed us to set a new standard in endpoint security, which is driving incredible momentum in our sales across APAC. We are excited to expand our presence in APAC countries and will continue to invest within the region throughout the rest of 2017.”
The company opened its APAC headquarters in 2017. Since then, the company has made strategic hires to continue its investment in the region.