This Year’s CrowdStrike Services Report Offers Observations on 2020 Cyber Threat Trends and Insights for 2021


The CrowdStrike Services team has issued its latest report: “CrowdStrike Services Cyber Front Lines Report: Observations From the Front Lines of Incident Response and Proactive Services in 2020 and Insights That Matter for 2021.” This blog, which is the foreword to the report, is from CrowdStrike CSO and President of Services Shawn Henry.

In the year since our last report was published, a pandemic has changed not only cybersecurity practices globally, but also our jobs as defenders in the digital space. Our jobs as defenders are more complicated, require more advanced skills and are more important now than ever. Moving from a traditional corporate IT stack to a global “work from anywhere” workforce in a few short weeks was truly a remarkable undertaking for many organizations, and the adversaries took notice. Attackers — both eCrime and state-sponsored — continued to quickly adapt to broad industry changes in an effort to leapfrog legacy defenses, deploy new ransomware and execute data extortion attacks. They persisted in exploiting the path of least resistance, facilitated by the increased attack surface created by the remote workforce, preying on victims’ emotions and corporate vulnerabilities. 

Basic Principles Are Critical

We learned the basic cybersecurity principles we’ve always advocated remain critical: asset inventory, vulnerability management, multifactor authentication, network segmentation, system backup and recovery, and more. Our Services mission has always been focused on helping organizations train for, react to and remediate a breach quickly and effectively to allow them to get back to business faster. In light of the events of 2020, we have organized our responders into “Front-Line Teams” that have a stronger and more defined focus on each of these essential areas:

  • Incident Response (IR): Rapid response, containment and investigation with digital forensics and root cause analysis
  • Endpoint Recovery Services: Containment of active threats, recovery and remediation with speed and surgical precision
  • Falcon Complete™: Continuous 24/7/365 managed detection, response and remediation, backed by up to $1M Breach Prevention Warranty

This report outlines trends we’ve identified in the data we collect from hundreds of engagements, along with key themes we’ve observed, to enable you to better protect your organization. I encourage you to review it from your perspective — in a similar situation, what would you, your teams and your organizational leadership do? Perhaps more importantly, how would you fare? Identifying your vulnerabilities, becoming more aware and educating yourself is half the battle.

More Intrusions, Larger Demands

We know attackers will continue to refine their techniques and strengthen their skills to evade security, monetize their access and/or reach their ultimate objective. The year 2020 saw more intrusions than ever before, larger ransomware demands and little opportunity for organizations to improve their security posture while keeping pace with the chaos brought on by the global pandemic. Corporate defenders are spread thin, and adversaries are well organized and better funded than ever, making it much more difficult to detect and respond to threats. 

All is not lost though. CrowdStrike is steadfastly helping our customers move from simply reacting to breaches days or weeks after the fact to continuous monitoring, detection, response and optimization. We are glad you trust us to provide you with the support you need to safeguard your critical assets, especially in these uncertain times. We appreciate your confidence and thank you for your partnership.   

One team, one fight.
