On its 10th anniversary, Cisco Annual Cybersecurity Report Highlights Increase in Classic Attack Vectors and Need to Reduce Detection Time.

More than a third of organizations that suffered a cybersecurity attack in 2016 had substantial losses (greater than 20%) of customers, revenue and business opportunities.

After the attacks, 90% of these organizations are improving their threat defense technologies and processes by separating security and IT functions (38%), improving employee awareness through training (38%) and implementing risk mitigation techniques (37%).

This is clear from Cisco's 2017 Annual Cybersecurity Report, which includes the Security Capabilities Benchmark Study and whose conclusions are based on interviews with about 3,000 chief security officers (CSOs) and security operations leaders from 13 countries.

Limited budgets, poor compatibility of systems and a shortage of professionals are the main barriers cited by CSOs to improving their security processes. These managers also say that their security departments are increasingly complex environments. 65% of the organizations consulted use between six and more than 50 security solutions, potentially reducing their effectiveness and increasing potential security gaps.

One of the ways cybercriminals exploit these gaps is the use of 'classic' attack vectors, such as adware and e-mail spam, with the latter reaching levels not seen since 2010. Spam accounts for about two-thirds (65%) of all emails, and between 8% and 10% of it is malicious. The volume of spam is increasing on a global scale, often spread by large and growing botnets (computer networks controlled by attackers).



The Cost of Cyber Threats: loss of customers and revenue



The 2017 Annual Cybersecurity Report reveals the potential financial impact of attacks on businesses, from SMEs to large companies. For more than 50% of organizations that suffered a security breach, the incident became public and was subjected to public scrutiny. Operations (shutdown of critical productivity systems) and finance were the most affected, followed by brand reputation and customer retention.

For organizations that suffered an attack, the consequences were substantial:

  • 22% of the organizations attacked lost customers (40% of them lost more than 20% of their customer base).
  • 29% lost revenue, and 38% of this group lost more than 20% of their revenue.
  • 23% of the organizations attacked lost business opportunities (42% of them lost more than 20%).



Operations and attack models

In 2016, cybercriminal activity became even more professionalized. Continuous technological evolution, driven by digitalization, creates new opportunities for cybercriminals.

  • New attack methods mimic corporate hierarchies: some malvertising campaigns employed brokers (or "gates") that function as intermediate links, masking malicious activity. Attackers can then move more quickly, maintain their operational space and evade detection.
  • Opportunity and risk associated with the cloud: 27% of third-party cloud applications introduced by employees, with the intention of increasing their efficiency and creating new business opportunities, were considered high risk and raised significant security concerns.
  • Classic adware (software that downloads advertising without the user's permission) has maintained its effectiveness, infecting 75 percent of the organizations investigated.
  • By contrast, the use of large exploit kits such as Angler, Nuclear and Neutrino has decreased after their creators were taken down in 2016, although they have been supplanted by small groups of cybercriminals.



Shield the business and maintain vigilance

The 2017 Report reveals that only 56% of security alerts are investigated, and less than half of legitimate alerts are remediated. Defenders, although they trust their security tools, face significant challenges of complexity and a shortage of professionals, leaving gaps in time and operational space that attackers can use to their advantage. Cisco recommends the following steps to prevent, detect and mitigate threats and minimize risk:

  • Make security a business priority: executive management must champion security and make it a priority.
  • Evaluate the operational strategy: review security practices, patching and control of access points to network systems, applications, functions and data.
  • Measure security effectiveness: establish clear metrics and use them to validate and improve security practices.
  • Adopt an integrated defense strategy: make integration and automation a priority to increase visibility, improve interoperability and reduce detection time to stop attacks. In this way, security teams can focus on investigating and remediating the most damaging attacks.



Ten years of research

Cybersecurity has changed enormously since Cisco's first Annual Security Report in 2007:

  • In 2007, the Report identified web and business applications as targets, often through social engineering or mistakes made by the users themselves. In 2017, cybercriminals attack cloud applications and spam has multiplied.
  • Ten years ago, malware attacks were increasing, with organized crime reaping the benefits. Today, in the underground economy, cybercrime is run like a business, offering different options to potential customers (cybercriminals). Attackers can be anyone, anywhere; they do not need security knowledge and can easily purchase ready-to-use exploit kits.
  • The 2007 Report tracked 4,773 Cisco IntelliShield security alerts, very similar in number to those counted by the National Vulnerability Database. In 2017, for the same time period analyzed, Cisco vulnerability alerts have increased by 33% to 6,380. This increase is due to greater awareness of the importance of security, a larger attack surface and greater adversary activity.
  • In 2007 Cisco recommended organizations adopt a holistic security strategy, integrating tools, processes and policies, and educating workers and partners to protect their environments. However, most vendors have been offering point solutions. In 2017 CSOs face high complexity in their environments.


Source: Culm