Over two thirds of companies supported by global cyber security firm CrowdStrike experienced repeated cyber attacks following the COVID-induced transition to the remote working environment.
According to the latest CrowdStrike Services Cyber Front Lines Report, which analysed CrowdStrike’s global incident response (IR) and proactive services data from 2020 across 15 industry sectors and 34 countries, cyber intrusions spiked in 2020 due to the COVID-induced increase in remote work.
The research found that cyber intrusions are “no longer a one-time event”, with 68 per cent of firms experiencing a second wave of cyber attacks after acquiring CrowdStrike’s services.
The firm found that for 30 per cent of incident response engagements, organisations’ antivirus solutions were either “incorrectly configured with weak prevention settings” or “not fully deployed across the environment”.
Moreover, antivirus solutions failed to provide protection in 40 per cent of the incidents, in which either malware was undetected or a portion of the attack sequence was missed by antivirus tools.
Other findings identified by CrowdStrike include:
- a significant increase in attackers targeting public-facing applications and services;
- a sharp increase in financially-motivated attacks, 81 per cent of which involved the deployment of ransomware or a precursor to ransomware activities, while only 19 per cent included eCrime attacks such as point-of-sale intrusions, ecommerce website attacks, business email compromise and cryptocurrency mining;
- continued intrusions from state-sponsored actors; and
- outside counsel retained CrowdStrike to advise its clients in 49 per cent of the incidents investigated in 2020.
“Remote work has redefined the playing field between cyber attackers and defenders, and that’s clearly demonstrated in the CrowdStrike Services Cyber Front Lines Report,” Shawn Henry, chief security officer and president of CrowdStrike Services, said.
“Corporate networks now span both office and home, providing a wealth of new attack surfaces and vectors that adversaries can exploit.
“Holistic coordination and continued vigilance are key in detecting and stopping sophisticated intrusions. Because of this, we’re seeing a necessary shift from one-off emergency engagements to continuous monitoring and response.”
Henry concluded: “This will better enable incident response teams to help customers drastically reduce the average time to detect, investigate and remediate from 162 hours to less than 60 minutes.”