Vice President of Professional Services
With over 15 years of experience in the Cybersecurity and Information Security industry, Justin Weissert is the Vice President of Professional Services at CrowdStrike. Justin has worked with hundreds of companies in various consulting, management, and leadership roles across CrowdStrike and KPMG previously. As Vice President, he leads all CrowdStrike’s professional services including incident response, proactive services, training, and more.
Let’s start with the basics. What is a cybersecurity attack and how many businesses a year does it affect?
A cyberattack is an attempt by cybercriminals, hackers, or other digital adversaries to access a computer network or system, usually for the purpose of altering, stealing, encrypting for ransom, destroying or exposing information and data.
Cyberattacks can target a wide range of victims from individual users to enterprises or even governments. When targeting businesses or other organizations, the hacker’s goal is usually to access sensitive and valuable company resources, such as intellectual property (IP), customer data or payment details.
In recent years, cyberattacks have become more sophisticated, increasing the need for a comprehensive cybersecurity strategy and advanced tooling. The shift to the cloud, as well as the explosion of connected devices, are two driving factors behind the need for organizations to modernize and strengthen their digital security capabilities.
For example, on the ransomware front, this year CrowdStrike has observed 1,811 Big Game Hunting (enterprise-level targeted ransomware) incidents so far with about 48 targeted ransomware events per week. The average ransom demand has reached $6M.
Why is cybersecurity so important for B2B SaaS solution vendors?
The COVID-19 pandemic made it extremely apparent that cybersecurity should be treated as the equivalent of shelter in the corporate hierarchy of needs. As the threat landscape continues to evolve, the growing threat of breaches, downtimes and ransomware payments is becoming a board-level conversation with millions of dollars at stake. Especially in the B2B SaaS industry, cybersecurity plays an integral role in the protection of company intellectual property, customer information and other important data that must be secured outside of the physical world. Failure to protect this data not only puts your business and your customers at risk but can also put the company into jeopardy of OFAC and GDPR regulations.
In your experience, what motivates threat actors?
Hacker motivations vary depending on what kind of threat actor they are: eCrime, nation-state or hacktivists.
eCrime motivations are relatively straightforward: making money. eCriminals are driven by making as much money as possible, as fast as possible. As such, many are migrating toward ransomware as their operation of choice, as it’s proving to be one of, if not the most lucrative operations today. These eCriminals can be targeted in their approach or simply leverage a “spray and pray” method to hit as many unsuspecting targets as possible.
Nation-state adversaries are driven by information gathering and espionage that ultimately benefits their nation. Nation-states will often target certain verticals – agriculture, healthcare, manufacturing, education, defence, etc. – in order to gain valuable proprietary information to bolster their respective industries.
Last but not least, hacktivists engage in disruptive or damaging activity on behalf of a cause, be it political, social or religious in nature. These individuals or groups often see themselves as “virtual vigilantes,” working to expose fraud, wrongdoing, or corporate greed, draw attention to human rights violations, protest censorship or highlight other social injustices.
Though many hacktivists claim to have noble intentions and often work in pursuit of equality, justice or improved human rights, it is important to remember that hacktivism falls into the category of cybercrime. It is illegal regardless of the hacker’s motivations or the attack’s outcomes.
What have been the most dangerous types of malware?
At the turn of the century, malware continued to evolve and become more prevalent. The growing world wide web offered new and lucrative opportunities to monetize malware. Malicious toolkits, email worms, phishing schemes and other methods of delivery spread online at a rampant pace. Since 2010, the targets of malware attacks have expanded beyond just individual consumers and their desktops to organizations and Internet of Things (IoT) devices. In recent years, nation-state and eCrime actors have focused on more sophisticated, large-scale attacks – what we now refer to as Big Game Hunting. Ransomware malware is by and large the most dangerous type of malware today as ransomware campaigns have successfully impacted critical infrastructure, hospitals, government agencies and the supply chain that supports our way of life.
How does ransomware enter an organization and what is its impact?
In a ransomware attack, an adversary encrypts a victim’s data and offers to provide a decryption key in exchange for a payment. Ransomware attacks are usually launched through malicious links delivered via phishing emails, but unpatched vulnerabilities and policy misconfigurations are used as well. We’ve found in recent years that ransomware actors are gravitating toward Big Game Hunting, in which ransomware actors will target enterprises and take time to prepare the environment for maximum damage and pay-out. Even more concerning is that we’ve seen ransomware actors adopt double extortion tactics, in which they will charge a ransom to decrypt the data, and if the victim organization refuses to pay then charge an increased ransom to not have the data leaked or sold.
When a business is hit by a ransomware attack, they’re immediately at risk of losing millions of dollars from the downtime, the ransomware payment, or the extortion related to data leakage – or in the worst case all of the above. In the aftermath, they must also face issues with customer trust and possible regulatory sanctions from OFAC and GDPR if they end up paying the ransom.
This regulatory area is a space that is likely to see significant attention in the coming years as governments and regulatory bodies attempt to devise plans to slow the pervasiveness of ransomware. One such suggestion is to make it illegal to pay a ransom. The thought is that if companies can’t pay, the adversaries have less incentive to continue to target them.
What security solution(s) would you say is (are) most effective to prevent and block malware/ransomware?
To fight against ransomware, businesses need to take a holistic, proactive approach with their security solutions. Legacy, signature-based, “good enough” security solutions are no longer enough. The first step is to upgrade to next-generation AI/ML-based endpoint security. Furthermore, threat hunting capabilities – whether in-house or through managed services – are key to a proactive defence against ransomware. Threat hunters engage in “hand-to-hand” combat against threat actors who engage in hands-on-keyboard attacks. Staying well informed through threat intelligence and maintaining an incident response strategy through tabletop exercises are other key factors in decreasing the risk of a ransomware attack.
Your recent Malware Report showed that a significant majority (75%) of IT security professionals predict malware and ransomware to become a larger threat in the future. How is CS planning to help this situation?
CrowdStrike stands at the forefront in the fight against ransomware by combining the power of people, processes, and technology. Our Falcon platform provides customers with the next-generation antivirus and EDR capabilities necessary to catch even the most sophisticated threats before they become a problem. Additionally, our threat intelligence, threat hunting and incident response services give customers the human power necessary to follow the 1:10:60 rule – 1 minute to detect a breach, 10 minutes to investigate, and 60 minutes to remediate. For customers with limited internal resources, our Falcon Complete fully managed service alleviates the burden of ransomware defence from our customers by providing the technology and services necessary to combat even the most sophisticated threats.
Lastly, is there any advice (must-do’s) you would give to B2B SaaS solution vendors?
Start by assessing the solutions you have in place. Make sure they’re patched and updated. If they’re outdated, upgrade to AI/ML-based solutions. Incorporate threat hunting into your security suite – whether it be internal experts or outsourced to a managed service. Be sure to elevate your business’s cybersecurity to a Board-level priority. Practice your response capabilities in advance of an attack – leveraging a multitude of scenarios from common to advanced.
Thank you Justin for taking the time to share your thoughts with us today.
On a separate note, I would like to share some of my thoughts on the recent hype around Digital Transformation. Read my blog, where I explore whether Digital Transformation really is a revolution, or an evolution.