Earlier this month, global endpoint security provider CrowdStrike released its Services Cyber Front Line Report. This year’s version of the report looks at key cybersecurity trends and themes that the company observed while responding to and remediating the global threats facing its customers in 2019.
Since CrowdStrike is trusted by some of the world’s most recognizable brands and largest government agencies to help respond to global threats, there are many lessons learned and best practices that can be gleaned from their work over the course of a calendar year. And this year’s Services Report illustrates that – providing an in-depth and valuable look into how the threat landscape facing government entities shifted and evolved in 2019 and giving governments and their agencies recommendations for the coming year.
One of the key findings in this year’s report that we found most intriguing had to do with the impact of data breaches in 2019. While many of us anticipated that data theft would be the most frequently reported impact of breaches, it actually came in second. The most prevalent impact of breaches in 2019 was, surprisingly, business disruption.
In hindsight – considering the number of ransomware attacks reported in 2019 – this probably shouldn’t have been a surprise, but it does illustrate how large a threat ransomware is for government institutions. And, with the report also finding that eCrime actors are starting to request higher ransoms, government agencies could start to see the cost of lax security skyrocket.
Also included in the Services Cyber Front Line Report are six key cybersecurity trends that CrowdStrike identified in the previous year and that will continue to impact governments in 2020. Government agencies should keep these six themes in mind:
1. Attackers are more deliberate and targeted in their efforts to automate Active Directory reconnaissance. The use of modern tools such as BloodHound has simplified and automated this process, making attacks easier for bad actors but also providing defenders with a tool they can leverage to identify and remediate weaknesses.
2. Third-party compromises serve as a force multiplier for attacks. Threat actors are increasingly targeting third-party service providers to compromise their customers and scale attacks.
3. Attackers are targeting cloud infrastructure as a service (IaaS). Threat activity around API keys for public, cloud-based infrastructure has become more targeted as attackers increase their ability to rapidly and systematically harvest information assets.
4. Macs are now clearly in the crosshairs of the cyber fight. Threat actors are increasingly targeting macOS environments, using living-off-the-land (LOTL) techniques with native applications and capitalizing on security tools that are less widely used than those available for Windows systems in the same organization.
5. Patching remains a problem. Basic hygiene still matters, and even though organizations have gotten better at patching, the factors that make patching a challenge have become more complex.
6. How prevention is configured impacts its effectiveness. The report finds that many organizations fail to leverage the capabilities of the tools they already have. This failure to enable critical settings not only leaves organizations vulnerable, it also gives them a false sense of security.
There are many other interesting cybersecurity trends and takeaways in the full CrowdStrike Services Cyber Front Line Report.