Top 9 Takeaways from CrowdStrike's 2022 Global Threat Report - Enablis

Written by Enablis | 30/06/2022 3:24:05 AM

The nature of cybersecurity is said to have been irreversibly changed by the major social, economic, and technological disruptions arising from COVID-19. The force was felt most heavily by our frontline security teams, as the uncertainty and intensity of cyberattacks and breaches constantly sounded the alarm on our critical infrastructure systems.

Keeping that in mind, CrowdStrike have gathered and collated observations from their elite CrowdStrike Intelligence and Falcon OverWatch™ teams and Security Cloud to provide insights into the ever-ominous threat landscape.

Below are the top 9 takeaways from CrowdStrike's 2022 Global Threat Report:

1. It is imperative that all workloads are protected

It comes as little surprise that, according to CrowdStrike, an organisation is only secure if it ensures all assets involved are protected, particularly those in critical areas of enterprise risk: ‘endpoints and cloud workloads, identity and data’. CrowdStrike believe the best way to secure assets is to adopt solutions that ‘deliver hyper-accurate detections, automated protection and remediation, elite threat hunting and prioritised observability of vulnerabilities’. In turn, keeping asset inventory and vulnerability management consistent gives organisations strong IT hygiene habits.

2. Organisations should know their Adversary

All cyberattacks are fuelled by a human force, irrespective of whether the attack is small or large in scale. CrowdStrike therefore believe that, to better prepare for an incoming attack, organisations can to some extent predict the best defence tools and tactics by examining which adversaries are most likely to attack their industry and their geolocation.

3. It is crucial for organisations to be ready at any second

Often the key factor in determining whether an organisation successfully overcomes a cyberattack is the speed of its response. That is, the longer it takes an organisation to address and rectify the attack, the more devastating the consequences will be.

CrowdStrike advocate that all security teams, regardless of their composition or size, should invest in maximising their speed and agility with daily tactical decision making to ensure the ‘preventive, detection, investigative and response’ workflows are operating at maximum efficiency.

4. Modern Attacks should be nipped in the bud

CrowdStrike have discovered that approximately 80% of cyberattacks leverage identity-based attacks that seek to compromise legitimate credentials. Perhaps the largest issue at hand is the lateral movement of these attacks, as they often evade detection. To overcome this, CrowdStrike's Falcon Identity Threat Protection provides organisations with accurate threat detection and real-time prevention to enforce risk-based conditional access.

5. It is beneficial for organisations to adopt Zero Trust

The key motive for adversaries is to monetise their cyberattacks, whether through ransom, extortion or even data auctions. With today’s technological advancements and the current global economy requiring data to be accessible virtually anywhere at any time, adopting a Zero Trust model would be beneficial to ensure data and identity are fully protected.

6. Organisations should continuously monitor the Criminal Underground

According to CrowdStrike, perhaps the most terrifying factor behind adversaries is the way they collaborate and congregate via hidden messaging platforms and dark web forums. It therefore doesn’t come as a surprise that security experts stress the importance of monitoring the Criminal Underground to ensure our frontline security teams remain vigilant and aware of any impending attacks.

7. Misconfigurations should be addressed

Unfortunately, CrowdStrike found that the largest contributing factor to cloud intrusion comes from within our organisations: human errors associated with administrative activities, which often catch us off guard and open a can of worms. This is why developing and implementing new infrastructure with default patterns is beneficial, as they can often be a way of eliminating human error.

8. Investing in Elite Threat Hunting would be advantageous

According to CrowdStrike, 62% of attacks involved non-malware and hands-on-keyboard activity. As a result, autonomous machine learning is no longer effective on its own when it comes to stopping these attacks, particularly when adversaries are constantly fine-tuning their tradecraft to bypass existing legacy security solutions. It's time to invest in elite threat hunting.

9. Organisations should seek to build a unified Cybersecurity Culture

Although technology remains a key factor in detecting these intrusions, the end user is the crucial link when it comes to stopping data breaches. With this in mind, CrowdStrike strongly suggest that organisations invest in user awareness programs, as they can be a useful tool for combatting phishing threats and their counterparts.

To read the full CrowdStrike 2022 Global Threat Report, click here. Or, if you would like to find out about Zero Trust Security, visit the resource centre here.