The impact of an IT security breach is tangible, in losses – lost revenues, customers, and opportunity, says the US firm Cisco in its tenth annual report on cybersecurity.
The number of solely IT security people remains steady; they may have to deal with 5000-plus alerts a day, the internet firm says. In 2016, hacking became more “corporate”, in the IT firm’s words. Changes in technology, led by digitization, are creating opportunities for cyber-criminals, the firm suggests. While attackers continue to use time-tested techniques, they also employ new approaches that mirror the “middle management” structure of their corporate targets. Certain malvertising campaigns employed brokers (or “gates”) that act as middle managers, masking malicious activity. Adversaries can then move with greater speed, maintain their operational space, and evade detection. Twenty-seven percent of employee-introduced, third-party cloud applications, intended to open up new business opportunities and increase efficiencies, were categorized as high risk and created significant security concerns. Old-fashioned adware ‑ software that downloads advertising without user permission – continued to prove successful, infecting 75 percent of organisations investigated.
More than one-third of organisations that experienced a breach in 2016 reported substantial customer, opportunity and revenue loss of more than 20 percent. Ninety percent of these organisations are improving threat defense technologies and processes after attacks by separating IT and security functions (38 percent), increasing security awareness training for employees (38 percent), and implementing risk mitigation techniques (37 percent). The report surveyed nearly 3000 chief security officers (CSOs) and security operations people from 13 countries in the Security Capabilities Benchmark Study, part of the Cisco Annual Cybersecurity Report (ACR).
John N Stewart, Senior Vice President and Chief Security and Trust Officer, Cisco, said: “In 2017, cyber is business, and business is cyber –that requires a different conversation, and very different outcomes. Relentless improvement is required and that should be measured via efficacy, cost, and well managed risk. The 2017 Annual Cybersecurity Report demonstrates, and I hope justifies, answers to our struggles on budget, personnel, innovation and architecture.”
For an infographic, visit http://www.cisco.com/c/dam/en/us/solutions/collateral/security/annual-reports/acr-infographic-2017.pdf.
Comments
Darren Anstee, Chief Security Technologist at Arbor Networks, said: “Cisco’s report highlights the relentless evolution of cybercrime and shifting attack methodologies being used to target organisations. The report once again reminds us how important it is to be prepared and have the right processes and people in place. Cyber-criminals continue to be innovative, and technology alone cannot protect us. The report highlights that businesses cannot investigate the alerts they receive today, simply deploying more detection technologies that generate additional alerts won’t help. It is becoming increasingly important for organisations to invest in security technologies and processes based on their ability to maximise the effectiveness of their security teams, allowing them to investigate quickly and focus on what matters.
“The goal of security is to reduce business risk, that is where value can be demonstrated. To do this organisations need to implement metrics that allow them to quantify whether investments have a positive or negative effect on overall risk. Getting this part right can make it easier to get investment, and can help business to move the security of their organisations in the right direction.”
And David Kennerley, Director of Threat Research at Webroot, said: “We have seen an explosion of malicious applications in the last year, especially targeting Android devices. Malvertising is the fastest growing category of malware we observed, with 720 per cent growth in 2016 as per our research. We’re also seeing more adware apps with rooting functionality, which shows that attackers are becoming increasingly sophisticated. The most affected category of malicious apps we saw was productivity tools, representing 31pc of all malicious Android apps detected. This is in line with Cisco’s finding that 27pc of employee-introduced, third-party cloud applications, intended to open up new business opportunities and increase efficiencies, were categorised as high risk and created significant security concerns. We believe this is due to many users not expecting a productivity or professional tool to be a target for cyber criminals, but the reality is that these apps often need quite a lot of information or integration with email accounts to function, so they can be quite effective threat vectors for cunning attackers.”
You can download the report via http://www.cisco.com/go/acr2017.
