CrowdStrike’s Threat Summit in Australia celebrates the power of the protectors

“If you go back a couple of years, cyber security felt like a very niche topic among a group of people; now it’s really being talked about around kitchen tables, dining tables and the cabinet table. So we, in government, need to take big strides in terms of the work that we do to protect Australians from the consequences of cyber attacks,” said Home Affairs Minister Clare O’Neil at the recent CrowdStrike Threat Summit. “CrowdStrike’s threat reports are really informative. You just can’t have enough of that sort of information when you’re dealing with issues as big as the cyber security threat we face.”

CrowdStrike’s APJ and META Intelligence Strategy director, Scott Jarkoff, is on stage in front of 600 Sydney cyber security professionals, the second of three Threat Summit events being held across Australia to help arm organisations against the increasing volume of cyber attacks. The previous week, CrowdStrike had presented to over 600 Melbourne-based security leaders, and then in early August, another 400-plus in Brisbane.

Jarkoff points to the figures on screen and lets them sink in. Breakout time – the average time that it takes cyber criminals to move laterally from their initial breach heads into a victim’s systems in 2023 – continues to reduce, down to 79 minutes, according to the recent CrowdStrike 2023 Threat Hunting Report. In short, it represents the fact that cyber criminals are getting quicker at moving from an initial compromised host to another in a victim’s environment, meaning defenders have far less time to minimise the cost and impact of an attack today than in previous years. The fastest breakout time recorded, according to the 2023 report, was just seven minutes.

What is driving the increased efficiency of cyber criminals? Jarkoff summed up the findings of CrowdStrike’s intel and threat-hunting groups as the “professionalisation of the cyber criminal landscape”.

The past 12 months have been the year of the identity attack. CrowdStrike’s Threat Hunting Report shows that 71 per cent of interactive intrusions – those conducted by a human attacker – were malware-free. Moreover, 62 per cent of interactive intrusions involved the abuse of valid accounts, while CrowdStrike has tracked a 147 per cent year-on-year growth in access broker advertisements on the dark web, up from 112 per cent just six months ago.

All of this suggests the criminal ecosystem is becoming more professional, driven by market demand. But the event series was about celebrating the protectors, those teams on the front lines of defending their organisations from attacks and, regardless of the noise over the past year to the contrary, they’re doing an incredible job under very trying circumstances.

If you’re feeling overwhelmed, you’re not alone

However, even the most knowledgeable and best-equipped security teams are feeling the strain. “Everyone is tired, everyone is understaffed, and everyone is underfunded,” said one chief information security officer at a leading Australian organisation, during a panel discussion on stage moderated by CrowdStrike’s ANZ vice-president and managing director, Brett Raphael.

VIEW ALL

The four “protectors” on stage, representing leading Australian organisations across a variety of sectors, all agreed with the data presented: the threat is only going to get harder to defend against, particularly with AI-armed attackers. AI-powered attacks will see poorly worded phishing emails replaced by sophisticated, well-timed requests that have been socially engineered to force employees into easy mistakes.

This technology will lower the barrier for entry for attackers, meaning such professional attacks will become easier to launch. This makes it even more crucial to shift from a reactive approach to cyber security to a proactive approach capitalising on AI and other advanced security technologies, from XDR, cloud security and identity management alongside threat intelligence and threat hunting. “Forget AI. Most organisations haven’t even got to the stage of automation yet,” one of the “protectors” attending the event said, highlighting the basic technology investments that still need to be taken to aid security teams in their fight to keep organisations protected.

The crowd provides visibility

How can organisations realistically prepare themselves for an increasingly professional, effective and well-armed adversary? “Apathy is still the biggest enemy,” said another “protector” at the event. This emphasised the need for continued employee education and adoption of basic practices such as multifactor authentication (MFA).

For many security teams, it must feel like they are fighting a lonely battle, convincing apathetic employees and other stakeholders of the importance of such steps. Better then, to be fighting the fight with the support of millions of other professionals behind you.

“Our company name is synonymous with what we do. As a cloud-delivered and cloud-native cyber security company, the power of the crowd is about how we use telemetry from the tens of millions of endpoints around the globe to make our tools smarter through machine learning models along with the collaborative intelligence we’re able to glean from the platform,” said Fabio Fratucello, CrowdStrike’s field chief technology officer for international markets, on stage at the event. “This intelligence is then shared with our customers, so the power of the crowd means that they’re able to learn from adversary activities and be better protected in future.”

“The strike part gets back to how we disrupt the adversary, how we raise the cost of their operations, how we make life harder for them. When you take the analytics and data then use that to disrupt adversaries, that’s CrowdStrike.”

The CrowdStrike Falcon platform is powered by the CrowdStrike Security Cloud – one of the world’s largest unified, threat-centric data fabrics – that correlates trillions of security events per day. The platform ensures a rapid, cohesive response to threats that is very hard to achieve by cobbling together disparate point solutions.

As Fratucello explained, this crowd-based approach is made possible only through a lightweight, but all capable, agent. The same CrowdStrike Falcon sensor that protects millions of endpoint devices eliminates deployment overheads and ensures easier maintenance, further aiding overstretched security teams.

Drawing from the power of the crowd

As a result of a number of high-profile cyber breaches impacting blue-chip Australian firms, 2022 was the year that cyber security jumped from being a significant risk to being top of the business agenda and permeating out into the minds of everyday people. “The government’s focus on cyber security has been very helpful for spotlighting the importance of the security team and enabling us, as leaders, to build support from the board and other stakeholders in our business,” said one “protector” on stage.

“Cyber threats will continue to grow as current technologies evolve and new ones like AI emerge. We must assume breach and build on our resilience rather than try and convince ourselves we are impenetrable,” said Air Marshal Darren Goldie, the national cyber security coordinator, while speaking at the CrowdStrike Threat Summit in Brisbane. “We’re looking at key issues like ransom payments, helping small businesses across the nation, and ensuring we can respond to incidents in an effective and coordinated fashion. We need to be better at holding ourselves to account, learning lessons and communicating those across the nation.

The task of securing an organisation against ever-increasing breach attempts can feel overwhelming. Cyber criminals will continue to get faster and more sophisticated, driven by the development of an ever more professional ecosystem. Now, AI has the potential to supercharge their TTPs.

But security teams have technology, intelligence and capabilities to help them win the fight. The message at the Threat Summit was, with the power of the crowd, you’re never alone; you’re never out flanked or outgunned.

Geoff Swaine is the vice-president of APJ at CrowdStrike