Interview with CrowdStrike

Zuri in conversation with CrowdStrike


1. What do you predict the most critical vulnerabilities will be for businesses in 2021?

The ransomware ecosystem pivots to double extortion. In 2021, we expect to see more ransomware attackers evolve towards the use of a double extortion model, where the threat actors will encrypt the target’s data and not only demand a ransom for its return but leverage additional payment incentives to add pressure on the victim to pay the ransom. Some threat actors will use a more targeted approach and threaten to publicly release and/or auction the data unless the victim pays up.

This coming year, these sophisticated cyberattacks will put enormous stress on the availability of services – in everything from rerouted healthcare services impacting patient care to the availability of online and mobile banking and finance platforms. Cybercriminals will continue to refine these approaches and experiment with different business models, including affiliate schemes designed to recruit more people to deploy attacks for a share of the profit.

A complex geopolitical situation will have lasting cybersecurity implications. Over the last couple of years, CrowdStrike has seen significant damage done to relations between Western nations, China, and Russia. To prepare for the worst-case scenario, this coming year the West should make stronger decisions on where critical or widespread technology is imported from, even going as far as to ban certain consumer technologies.

This year, we’ll likely see these decisions spread even further from government and enterprise technology to everyday consumer technology. Public-facing applications and services are increasingly at risk, as adversaries are eager to use any exterior gaps and weaknesses as initial footholds.

Detection, response and compliance issues influence the adoption of work-from-anywhere environments. According to the 2020 CrowdStrike Global Security Attitude Survey, respondents on average estimated it would take at least 117 hours to detect a cybersecurity incursion, compared to 120 hours in 2019, which demonstrates a lack of any real progress made. The complexity due to the growing work-from-anywhere environments will continue through 2021, and we could see this number significantly increase. In turn, this will put pressure on organizations trying to deal with an attack and put them at risk of violating GDPR and other data breach notification laws. In 2021, organizations must heavily consider the risks of non-compliance versus the agility needed for rapid expansion to a work-from-anywhere model. The coming year will bring an uptick in compliance violations with regulations such as GDPR, as businesses struggle to keep up.

Nation-state adversaries remain active while leaving a smaller footprint. Despite the proliferation of eCrime taking the limelight, 73% of 2020 Global Security Attitude Survey respondents believe nation-state-sponsored cyberattacks will pose the single biggest threat to organizations like theirs in 2021. Nation-state adversaries remain active while taking advantage of global issues spilling into cyberspace. This will result in more attacks against organizations and governments engaged in the race to find a COVID-19 cure through to some nation-states looking to benefit from the rise in financially motivated attacks.

In 2021, the smaller footprint will put organizations at risk of silent failure. While all eyes are on the rise in eCrime, organizations will need to remain vigilant in defending against nation-states to prevent potentially devastating attacks.

Accelerated technology adoption brings risk to business security. The accelerated rate of technology use will bring along inherent risks to the home and office networks. Devices, networks, data – and the management of all these is no longer a straightforward problem: In 2021, everything on both sides of the firewall will be the business’ responsibility.


2. What sets CrowdStrike Falcon EDR apart from your competitors? In terms of real-time visibility, threat prioritisation, and modularity?

The scalability of our threat intelligence and how we can deliver that to customers in a meaningful way, plus the speed of our technology, is truly a game changer. One of the main reasons CrowdStrike has become so highly regarded in the industry is the fact that we have pioneered quite a new approach to endpoint protection, which leverages cloud-nativity. Falcon is built on a 100% cloud-based architecture, and that removes a lot of the burden associated with the installation, management, and tuning of legacy security solutions.

The cloud-native nature of Falcon, coupled with the power provided by the use of the threat graph, results in one of the most powerful analytic security engines to date. This effectively means that each new customer or threat that is encountered and added to that platform is immediately shared across our entire customer base in real time. We call this “crowd security”. Our threat graph processes as many events in one day as Twitter posts tweets in a whole year. Ultimately, every piece of data that the threat graph ingests makes it more efficient and smarter, speeds up investigations for customers, and helps them to stop future incidents.

3. CrowdStrike’s Falcon EDR reduces “fatigue levels by 90%”. Can you expand on how the solution can achieve that result and the benefits of this for businesses?

Alert fatigue is of great concern to businesses, as the stream of potential threats can be buried in a load of noise. The main challenge is not to gather the information, but to understand the data collected, “finding the needle in the haystack” against all the alerts that have been identified. Traditional EDR solutions gather as much endpoint information as possible and then direct it at the administrator, who sometimes struggles to identify key points, meaning important alerts end up getting missed. In addition, regarding resources and time, the nature of the process means these end up being wasted, as the security teams struggle to piece together all the different alerts. CrowdStrike overcame this by combining the alerts with cloud-based analytics and correlating that data to help customers make more informed decisions. This means alerts are pulled together to identify specific alerts; by focusing on the full incident rather than the individual alerts, businesses can see a reduction in the number of items that require the attention of the analyst.
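To make the correlation step concrete, here is an added example (not CrowdStrike's or Falcon's code) that groups endpoint alerts into incidents by host and process lineage so an analyst triages a handful of incidents instead of every alert; the hosts, PIDs, timestamps and alert text are constructed.

```python
from dataclasses import dataclass, field


@dataclass
class Alert:
    ts: int        # seconds since epoch (constructed sample values)
    host: str
    pid: int
    ppid: int
    detail: str
    severity: int  # 1 (low) .. 5 (critical)


@dataclass
class Incident:
    host: str
    root_pid: int
    alerts: list = field(default_factory=list)

    @property
    def severity(self) -> int:
        # The incident carries its most severe alert, so it is triaged as one item.
        return max(a.severity for a in self.alerts)


def correlate(alerts, window=3600):
    """Merge alerts sharing a host and process lineage; a gap over `window` seconds starts a new incident."""
    alerts = sorted(alerts, key=lambda a: a.ts)
    parent = {(a.host, a.pid): a.ppid for a in alerts}

    def root(host, pid):
        # Walk up the process tree while the parent itself raised an alert.
        seen = set()
        while (host, parent.get((host, pid))) in parent and pid not in seen:
            seen.add(pid)
            pid = parent[(host, pid)]
        return pid

    incidents, current = [], {}
    for a in alerts:
        key = (a.host, root(a.host, a.pid))
        inc = current.get(key)
        if inc is None or a.ts - inc.alerts[-1].ts > window:
            inc = Incident(a.host, key[1])
            incidents.append(inc)
            current[key] = inc
        inc.alerts.append(a)
    return incidents


# Constructed sample: a three-stage chain on WS-01, an unrelated alert on WS-01,
# one alert on WS-02, and a repeat of the chain's first stage hours later.
SAMPLE = [
    Alert(1000, "WS-01", 100, 1, "office app spawned shell", 3),
    Alert(1005, "WS-01", 200, 100, "encoded script launched", 4),
    Alert(1500, "WS-01", 300, 200, "credential access attempt", 5),
    Alert(1200, "WS-01", 500, 1, "unsigned driver loaded", 2),
    Alert(1300, "WS-02", 700, 1, "suspicious scheduled task", 2),
    Alert(9000, "WS-01", 100, 1, "office app spawned shell", 3),
]

if __name__ == "__main__":
    for inc in correlate(SAMPLE):
        print(inc.host, inc.root_pid, len(inc.alerts), "alerts, severity", inc.severity)
```

Six alerts collapse to four incidents, and the chained alerts on WS-01 surface once at severity 5.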

4. USB security is of growing concern to businesses currently operating remotely. How do Falcon device control and USB security protect businesses from data and malware breaches?

CrowdStrike Falcon device control gives businesses visibility into how their mass storage devices are being used, and it enhances the control and management of all devices. For example, a business could allow read and write access without the execution of any software, protecting against vulnerabilities that may come from USB sticks. This control is in great demand from companies with the majority of their employees working remotely.

5. Can you elaborate on the key differentiators of your Firewall add-on module, particularly what sets you apart from your competitors?

The key differentiator is the scalability of Falcon as it is a single platform that runs on a single, intelligent agent which can be consolidated into one dashboard. The one dashboard approach makes it much more user-friendly than other solutions. In addition, other differentiators are speed, ease of use, and seamless deployment – all wrapped up in a central view, meaning you do not have to jump across multiple platforms and interfaces.

6. A Total Economic Impact (TEI) report commissioned by CrowdStrike found that the Falcon Platform could generate cumulative savings of $6.7 million, representing an estimated 316% ROI with payback in less than three months. With a particular focus on SMEs, can you outline how this cost saving translates to smaller businesses?

One of the key takeaways for small/medium businesses is that the upfront purchase price of security services and products may be high. After purchasing the solution, you require installation, configuration, and management. Using CrowdStrike’s next-gen products alongside a managed service company like Zuri Technologies ensures a cost-effective and future-proof solution. Once a product is fully deployed, it is key that you act on the data collected and carry out remediation work. If this work is not completed with best-practice processes and not deployed by skilled engineers, the cost to a company can be far greater than the cost of the initial product. As you know, the cost of a breach could be detrimental to a company. The main focus should be the business value rather than seeing the investment only as an outgoing cost.

7. What are the added benefits of working with managed service providers such as Zuri Technologies?

Even with the best solutions in the world, if you do not have the skill set to deploy and manage them correctly in-house, it is best to use a trusted and certified managed IT provider such as Zuri Technologies. Companies such as Zuri have the knowledge of the next-gen solutions combined with the right people in place, meaning they can properly manage and monitor your infrastructure. It is not just software or technology, but a combination of technology, people, and process that ultimately works to stop breaches and keep your business secure.
