Business owners might feel that if they’re targeted by cyber criminals once, it won’t happen again – but analysis of incidents shows that more often than not, attackers come back looking for more.
Businesses which suffer a successful cyber attack are extremely likely to be targeted by cyber criminals again – even if they’ve taken all the right steps in the aftermath of the initial attack.
The CrowdStrike Services Cyber Front Lines report draws on analysis of real-world cases where the cybersecurity company has been brought in to help combat cyber attacks, and it reveals that in over two-thirds of cases where there were outside intrusions onto the network, cyber criminals will attempt to break into the same network within one year.
According to CrowdStrike, 68% of companies suffered another “sophisticated intrusion attempt” within 12 months – although in each of the cases, the second attack was prevented from compromising or otherwise gaining access to the network.
Organizations might assume that if they’re hit by a cyber attack once – whether that’s malware, ransomware, business email compromise, phishing or something else – then they won’t be targeted again.
Cyber criminals probably come back because they’re hoping that an organisation has not learned the lessons of the first attack and has maybe even left in place the same vulnerabilities that permitted the initial attackers to breach the network.
“It is tempting to consider intrusions as a lightning strike — a blinding flash that’s unlikely to strike an equivalent place twice. Unfortunately, intrusion attempts are rarely a one-time event,” said the report.
“Organizations that don’t take the chance to use lessons learned and to better steel themselves against their next encounter with an adversary could suffer attacks that end in additional data loss, ransom demands, extortion or other monetary losses requiring costly legal fees, response services and perhaps even future business interruption,” the paper added.
It’s recommended that in the aftermath of a breach – once the network is secured with timely security updates, stronger passwords and multi-factor authentication – organizations take the chance to learn from the incident, remain vigilant about what they can do to stop future attacks, and even plan how they’d react to another incident.
One way of doing this is to regularly perform penetration testing to find out where the vulnerabilities are on the network and whether defenders can detect the intrusions, particularly when it comes to new kinds of attacks or vulnerabilities.
“Holistic coordination and continued vigilance are key in detecting and stopping sophisticated intrusions,” said Shawn Henry, chief security officer and president of CrowdStrike Services.
“Because of this, we’re seeing a necessary shift from one-off emergency engagements to continuous monitoring and response. This will better enable incident response teams to help customers drastically reduce the typical time to detect, investigate and remediate,” he added.