Intrusions are no longer a one-time event: 68% of organizations that fell victim to an intrusion in 2020 experienced an additional intrusion attempt, and traditional antivirus solutions failed in 40% of observed incidents, according to the latest annual CrowdStrike Services Cyber Front Lines Report.
The report is based on an analysis of the insights and observations of CrowdStrike’s global incident response (IR) and proactive services teams in 2020.
Among organizations that experienced an intrusion before leveraging CrowdStrike to manage their endpoint protection and remediation efforts, 68% experienced another intrusion attempt, which was prevented.
The report says that buying technology alone is not enough; it must also be fully configured. In at least 30% of incident response engagements, CrowdStrike found that the target organization’s antivirus solutions were either incorrectly configured with weak prevention settings or not fully deployed across the environment.
Antivirus solutions also failed to prevent an intrusion in 40% of incidents, in which either malware was undetected or a portion of the attack sequence was missed by antivirus tools.
The report also found that 2020 brought a staggering increase in the volume and velocity of financially motivated attacks. Of these, 81% involved the deployment of ransomware or a precursor to ransomware activities, while only 19% included eCrime attacks such as point-of-sale intrusions, ecommerce website attacks, business email compromise and cryptocurrency mining.
“Remote work has redefined the playing field between cyber attackers and defenders, and that’s clearly demonstrated in the CrowdStrike Services Cyber Front Lines Report. Corporate networks now span both office and home, providing a wealth of new attack surfaces and vectors that adversaries can exploit,” said Shawn Henry, chief security officer and president of CrowdStrike Services at CrowdStrike.
“Holistic coordination and continued vigilance are key in detecting and stopping sophisticated intrusions. Because of this, we’re seeing a necessary shift from one-off emergency engagements to continuous monitoring and response.”