Cybercriminals are increasingly using malware-free tactics to target global organizations, according to the "2020 CrowdStrike Global Threat Report."
CrowdStrike Global Threat Report results included:
- 51 percent of cyberattacks involved the use of malware-free techniques, compared to 40 percent one year earlier.
- The largest ransom demand was $12.5 million, and it was associated with a Ryuk ransomware attack.
- The top industries targeted during enterprise ransomware attacks were local government, education, technology, healthcare, manufacturing, financial services and media.
In addition, eCrime behavior increased year over year, the CrowdStrike report revealed. eCrime can leave organizations inoperable for an extended period of time, and organizations need a security strategy to combat eCrime and other cyber threats.
Introducing the '1-10-60 Rule'
Organizations require a process that allows them to prevent, detect and respond to cyber threats with speed and agility, CrowdStrike indicated. To create this process, CrowdStrike is encouraging organizations to use the "1-10-60 rule," which involves:
- Detecting cyber intrusions in under 1 minute.
- Investigating these intrusions in 10 minutes.
- Containing and eliminating them in 60 minutes.
Organizations that meet this benchmark are more likely to stop a cyberattack before it spreads from its initial entry point, CrowdStrike stated. In doing so, these organizations can minimize a cyberattack's impact on its employees, customers and operations.
Cybersecurity Tips for 2020
- Prioritize API security.
- Use multi-factor authentication (MFA) across networks and applications.
- Employ top cybersecurity talent.
- Develop and execute proper security controls across an organization.
- Leverage the Technology Solution Provider Information Sharing and Analysis Organization (TSP-ISAO).
MSSPs can play important roles in helping organizations guard against cyberattacks, too. They can offer security services to help organizations detect and address cyberattacks, along with tips and recommendations to ensure organizations can optimize their cybersecurity strategies.