CrowdStrike report highlights 2019 cyber crime "trends"

CrowdStrike has raised concerns that some organisations may still lack the technology needed to detect and protect against cyber attacks after its new report claimed to highlight an increase in adversaries’ average dwell time.

Last year saw cyber attackers’ average dwell time rise to 95 days from 85 days in 2018 — partly due to organisations’ lack of appropriate defences, as well as adversaries’ increasing abilities, CrowdStrike said in its report. 

However, the company also reported finding a “significant number of breaches” by adversaries that had “gained initial access more than a year before discovery, and in a number of cases, more than three years”. While this is concerning, excluding these cases reduces the average to around 60 days and a comparable average for 2018 was not included in the report, preventing us from confirming that the average really did increase. 

CrowdStrike also claimed business disruption was cyber attackers’ main goal last year, representing 36% of cases, with most involving ransomware, destructive malware and denial of service attacks. CrowdStrike reclassified ransomware from a financial to disruption-driven attack in 2019 as the “impact of disruption can often outweigh the loss incurred by paying the ransom”, it said in the report. Although it also said that the “adversary’s main goal in a ransomware attack is financial gain” and the “disparity [between disruption impact and financial loss] may be shrinking” as it saw cybercriminals “substantially increasing their ransom demands over the past year”. 

Despite the problems in this report, CrowdStrike does advocate for organisations having strong, correctly configured and well-understood security systems in place to reduce vulnerability and prevent companies developing a “false sense of security”.

“As adversaries are stealthier than ever, with new attack vectors on the rise, we must remain agile, proactive and committed to defeat them. They still seek the path of least resistance — as we harden one area, they focus on accessing and exploiting another,” said CrowdStrike Services’ Chief Security Officer and President, Shawn Henry.

“Strong cybersecurity posture ultimately lies within technology that ensures early detection, swift response and fast mitigation to keep adversaries off networks for good.”

Image credit: ©stock.adobe.com/au/Bits and Splits