Security was a leading topic throughout 2017 across all industries, and has already dominated headlines in 2018 as well. Ransomware, a malicious form of malware designed to block access to computer systems pending a “ransom” payment, was the dominant cyber threat in 2017. According to Cybersecurity Ventures, a business falls victim to a ransomware attack every 40 seconds, and they predict that number will rise to every 14 seconds by 2019.
Last week Cisco released their 2018 Annual Cybersecurity Report, which provides key insights and cybersecurity threat intelligence findings from across the entire Cisco portfolio. Along with threat intelligence Cisco also incorporates a collection of results from their 2018 Security Capabilities Benchmark Study, which surveys over 3,600 Chief Information Security Officers (CISO) and security industry leaders to gain insights on enterprises security posture. The 2018 ACR is focused around:
- The evolution of malware
- Malicious encrypted web traffic
- Adversaries’ exploitation of IoT and cloud services
- The cost of attacks and defender’s challenges and obstacles
- Addressing cybersecurity among people, policies, and technology
- Cisco suggestions for how the state of the industry can improve
Cisco’s threat research shows that 50% of global we traffic was encrypted as of October 2017. While to web traffic encryption is designed to enhance security, it does reduce visibility. Adversaries are using this encryption as a tool to conceal command-and-control activity, which buys them more time to operate and inflict damage. More enterprises are turning to machine learning and artificial intelligence to help detect unusual patterns in large volumes of encrypted web traffic.
According to Cisco’s 2018 Security Capabilities Benchmark Study 55% of respondents said their organizations had to manage public scrutiny of a breach in 2017, including:
- Operational obstruction
- Overall complexity of responding
- Decline in revenue
- Loss of customers
The top security challenges organizations can anticipate facing in 2018 include:
- Automated crypto-worm activity
- More OT and IoT attacks throughout 2018
- Lack of properly trained security personnel
Adversaries are evolving their techniques at a faster pace than defenders are implementing security strategies. They are weaponizing their exploits and evasion strategies to launch attacks at increasing magnitudes. Defenders preparation and ability to recover quickly depends largely on the steps they are taking to strengthen their security posture.
According to Cisco’s 2018 Security Capabilities Benchmark Study more than 53% of all cyber attacks resulted in financial damages of $500,000 or more. The areas organizations are finding most challenging to defend area mobile devices, user behavior and public cloud data.
A key metric Cisco focused on in throughout 2017 was time to detection (TTD), which dropped from a 39-hour median in 2015 to ~4,6 hours in October of 2017. Using cloud-based security technologies has been a key for Cisco in lowering its median TTD.
Adhering to common best security practices and implementing strategic security improvements can reduce companies’ exposure to developing cybersecurity risks and can provide better visibility into the emerging threat landscape. To better your security posture you should implement first-line-of-defense tools, adopt next-generation monitoring tools, perform consistent reviews, analytics, and data back-up. With malware hiding in encrypted web traffic and it’s also important to adopt advanced security technologies that will prevent and detect the use of encryption for concealing malicious activity.
