A third of all reported incidents against businesses were caused by ransomware, destructive malware and distributed denial of service (DDoS) attacks, according to cloud-delivered endpoint protection firm CrowdStrike.
The company’s latest cybersecurity report, argues that cybercriminals are increasingly seeing business disruption as their main attack objective.
It was also said that they were able to hide their activities from cybersecurity departments much longer – 95 days on average (up from 85 days a year ago). CrowdStrike believes that businesses still lack the technology they need to reinforce their defences, prevent being exploited and mitigate potential risks.
“As adversaries are stealthier than ever, with new attack vectors on the rise, we must remain agile, proactive and committed to defeat them, “commented Shawn Henry, chief security officer and president of CrowdStrike Services.
“They still seek the path of least resistance — as we harden one area, they focus on accessing and exploiting another.”
It added that hackers would often target third-party service providers to create a sort of a force multiplier for the attacks. Cloud infrastructure as a service (IaaS) is often targeted, and Macs are no longer ignored as a platform.
Patching vulnerable systems and software would mitigate many of these problems, but patching remains a pain point, as many organisations don’t have “basic cyber-hygiene”. Even the security systems they have are often not set up properly, and as such aren’t as effective as they could be.
“The failure to enable critical settings not only leaves organizations vulnerable but also gives them a false sense of security,” the report concludes.