IT Security

Must cut time to detect

by Mark Rowe

IT users need to reduce time to detection (TTD), to remediate against sophisticated attacks by highly motivated threat actors. The digital economy and the Internet of Everything (IoE) create new attack vectors and ways for adversaries to make money out of their cyber-attacks. So says the internet product company Cisco in its Midyear Security Report.

Ransomware remains highly lucrative for hackers as they continue to release new variants. Ransomware operations have matured to the point that they are completely automated and carried out through the dark web. What the firm calls the ‘innovation race’ between adversaries and security vendors is accelerating, placing IT users at more risk. Global cyber governance is not prepared to handle the emerging threat landscape or geopolitical challenges, it’s claimed (see also below).

John N Stewart, senior vice president, chief security and trust officer at Cisco, said: “Organisations cannot just accept that compromise is inevitable, even if it feels like it today. The technology industry must up the game and provide reliable and resilient products and services, and the security industry must provide vastly improved, yet meaningfully simplified, capabilities for detecting, preventing, and recovering from attacks.”

A purely preventive approach has proven ineffective, according to Jason Brvenik, principal engineer, Security Business Group at Cisco. He said: “Hackers, being unencumbered, have the upper hand in agility, innovation and brazenness. We see this time and again, whether it is nation state actors, malware, exploit kits or ransomware.”

The report suggested that new risks associated with Flash, the evolution of ransomware, and the Dridex mutating malware campaign reinforce the need for reduced time to detection. With the digitisation of business and the IoE, malware and threats become even more pervasive, which shines a light on the security industry’s estimates of 100 to 200 days for TTD.

Comment

George Anderson, Director at Webroot, commented on ransomware: “With ransomware the solution is simple: if nobody paid then these scams would simply not work. A good, offline back-up solution is the most powerful tool in the fight against ransomware. This can be done manually through an external hard disk or automatically by some anti-virus software. Ideally, both would be used as we’re all guilty of forgetting to back up files, but online software would do this automatically. This then gives the infected user the ability to restore their device to its original state without succumbing to the malware publishers.”

© 2024 Professional Security Magazine. All rights reserved.