Security Experts:

Connect with us

Hi, what are you looking for?



Organizations Still Slow to Detect Breaches: CrowdStrike

Organizations are getting better at detecting intrusions on their own, but it still takes them a long time to do it, according to a new report published on Tuesday by endpoint security firm CrowdStrike.

Organizations are getting better at detecting intrusions on their own, but it still takes them a long time to do it, according to a new report published on Tuesday by endpoint security firm CrowdStrike.

According to the 2018 CrowdStrike Services Cyber Intrusion Casebook, which is based on the analysis of over 200 major security incidents, 75% of organizations that used CrowdStrike’s incident response services in 2018 managed to internally detect a breach, up from 68% in the previous year.

However, the average attack dwell time – or the time it takes to detect an attack – was 85 days, comparable to the 86 days reported by the company in its 2017 report.

“Clearly, there is considerable room for improvement. Boards of directors, executive management, and the public at large are all rightly concerned that organizations take days, weeks or even months to detect attacks,” CrowdStrike said in its latest report.

CrowdStrike believes organizations should be able to detect a threat within one minute, investigate it in ten minutes, and remediate it within 60 minutes – the company calls this the 1-10-60 rule.

As for attack objectives, CrowdStrike says nearly half of the incidents analyzed by its experts were financially motivated. The second most common attack objective was intellectual property theft (30%), followed by theft of personal information (10%), ransomware (7%), cryptocurrency mining (3%), destruction (2%), and corporate espionage (1%).

Social engineering, phishing and spear-phishing were the attack vector in roughly one-third of cases, up from 11% in the previous year. The biggest single vector remains web server attacks, accounting for nearly 20% of the total.

Attack vectors

CrowdStrike has highlighted several important attack trends. The company says malicious actors have continued to come up with creative tactics and techniques. For example, experts uncovered cases where the attackers had been using remote access tools that provided them the ability not only to read their victims’ emails, but also to watch the email being written and sent in real time.

The company’s investigations also included cases where adversaries re-entered an organization’s network shortly after another vendor’s incident response team had been called in by the victim, and even cases where the attacker was still present on the network even after an incident response team believed that the threat was removed.

Another major problem highlighted by CrowdStrike is that attackers continue to masquerade as legitimate users. State-sponsored actors often rely on stolen credentials for email and VPN access, while profit-driven cybercriminals use credential stuffing and business email compromise (BEC) tactics.

“Today, it’s absolutely critical that cyber defenders and executives stay informed of emerging attack techniques, trends in targeting, and lessons learned from real-world cybersecurity cases,” Thomas Etheridge, VP of CrowdStrike Services, told SecurityWeek.

“In addition to detailing an uptick in social engineering, phishing and business email compromise attacks, we also established that many adversaries use commodity malware to launch destructive attacks and continue to leverage living-off-the-land techniques to stay undetected. To combat these challenges, CrowdStrike continues to advocate for faster and more effective detection and response, including the 1-10-60 rule that helps businesses lay the essential groundwork to defeat adversaries. The Services Casebook can be used as a critical guide for Corporate Boards and C-suites looking to safeguard their most valuable data,” Etheridge added.

Related: ‘Five Eyes’ Agencies Release Joint Report on Hacking Tools

Related: 92% of External Web Apps Have Exploitable Security Flaws or Weaknesses

Related: Cyberattacks Against Energy Sector Are Higher Than Average

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.