Written by: Damien Lewke of Crowdstrike
The holidays are a time for reflection, getting together with friends, shopping — and increasingly, cybercrime. With the rise of e-commerce, adversaries gleefully look forward to the holidays as an opportunity to harvest valuable payment and credential information from record numbers of unsuspecting online shoppers. In the United States alone, online retail spending during this holiday season rose 19 percent over last year. In fact, over one-quarter of all consumers shopped online exclusively, which puts additional strain on web server resources and secure payment processing. Even as we turn the corner into the new year, shopping volumes remain high as gift cards and product exchanges take precedence.
Adversaries have taken note of this increased activity and are stepping up their efforts to steal your data. Generally, IT teams are aware of this seasonal spike in threat activity, but most organizations lack the resources to adequately deal with it. Legacy endpoint security products can contribute to the problem because they routinely fail silently, and once the intruder gets in, they can establish persistence and extend their dwell time — to an average of 85 days, according to the CrowdStrike® Services Cyber Intrusion Casebook 2018. One of the trends observed by CrowdStrike and discussed in the Casebook is that eCrime actors are employing more creative tactics and techniques in their quest to monetize attacks. These attacks tend to peak during heavy online shopping days, reminding us that despite our goodwill and cheer, cybersecurity must be a paramount focus during the holiday season.
Keeping Yourself Safe
To help you be better prepared for the seasonal spike in cybercrime during, the team at CrowdStrike has some tips. By combining security hygiene best practices with comprehensive endpoint security, organizations can be ready to address opportunistic attackers before they gain a foothold in your network.
The following are some best practices that can help keep your organization secure now and throughout the coming year:
- Find a Framework: Applying a framework to your security strategy gives you a template to effectively implement your security policies and solutions. The MITRE ATT&CK framework provides a comprehensive, yet easy-to-understand methodology for security teams looking to investigate, understand and respond to both commodity and sophisticated threats in their environments. In addition, MITRE provides valuable non-paid, third-party testing and evaluations that can help you make the right purchasing decision. CrowdStrike was recently tested by MITRE with spectacular results — read our blog about MITRE’s evaluation results.
- Check Email Twice: Business email compromises (BECs) via social engineering, phishing and spear-phishing accounted for one-third of attacks this year, according to CrowdStrike Services. Emails may look legitimate and come addressed from a “trusted sender,” but be sure to verify that emails are digitally signed. Also, don’t open unknown attachments, and when in doubt, don’t just “click the link.” Learn more about protecting yourself from the menace of BECs in this on-demand webcast.
- Patch Proactively: Don’t let the “ghost of ransomware past” haunt you. In 2017, the infamous WannaCry attack spread like wildfire, causing destruction wherever it went, despite the availability of patches for months in advance. That’s why it’s critical to proactively prioritize and address patching needs on your systems by assessing and managing vulnerabilities in your environment consistently.
- See Everything: Comprehensive visibility is critical. Endpoint detection and response (EDR) solutionsprovide the visibility necessary to see all the activity on your endpoints. However, be sure and choose wisely. Look for a solution that can lower costs and implementation time, with cloud-native architecture, zero on-premises infrastructure and real-time visibility — it will increase your holiday cheer exponentially.
- Stop Bad Behavior: Even legitimate programs can be weaponized by bad actors. System tools like PowerShell are used by attackers to bypass endpoint protection solutions. It’s important that you deploy a system that looks at applications’ behavior and stops an attack, rather than detecting one only when it’s too late and your data is gone.
The Gift that Keeps on Giving: Comprehensive Endpoint Security
The CrowdStrike Falcon® platform stops adversaries before they before they do damage by leveraging artificial intelligence, offering instant visibility and protection across the enterprise and preventing attacks on endpoints, whether they are on or off the network. Falcon protects customers against all cyberattack types — not just during the holidays when bad actors are busy — but all year by combining signatureless AI and behavioral indicator-of-attack (IOA) based threat prevention to stop known and unknown threats in real time.
Get 2019 off to a good start by giving your organization the gift of comprehensive endpoint security delivered by the CrowdStrike Falcon platform — and have a Secure and Happy New Year!