Classic attack vectors re-emerging but ‘time to detection’ improved nearly 60%
(Johannesburg) February 1, 2017 – Some sobering statistics have been revealed as part of the Cisco® (NASDAQ: CSCO) 2017 Annual Cybersecurity Report (ACR) which includes the Security Capabilities Benchmark, a global survey of nearly 3 000 chief security officers (CSOs) and security operations leaders from 13 countries. With South Africa’s Cybercrimes Bill set for introduction later this year, the 2017 ACR reveals the potential impact of attacks on businesses (from large enterprises to SMBs), including their financials, customer retention and brand reputation. For organisations that experienced an attack during 2016, the effect was substantial, with:
- 22% losing customers (40% of them losing more than 20% of their customer base).
- 29% losing revenue (38% of them losing more than 20% of revenue).
- 23% losing business opportunities (42% of them losing more than 20%).
- More than 50% of organisations faced public scrutiny after a security breach.
Now in its 10th year, the 2017 ACR includes a measure of the effectiveness of security practices in the face of cybersecurity attacks, including ‘time to detection’ (TTD), the window of time between a compromise and the detection of a threat. Faster TTD is critical to constraining attackers’ operational space and minimizing damage from intrusions. During the course of 2016, Cisco successfully lowered the TTD from a median of 14 hours in early 2016 to as low as six hours in the last half of the year*, a reduction of almost 60%.
“While TTD is an important metric, a new metric — the ‘time to evolve’ — looked at how quickly threat actors changed their attacks to mask their identity. With these and other measures gleaned from report findings, and working with organisations to automate and integrate their threat defense, we can better help them minimize financial and operational risk and grow their business,” says Terry Greer-King, Director: Security, at Cisco.
The report also highlights challenges and opportunities for security teams to defend against the relentless evolution of cybercrime and shifting attack modes. According to the report, CSOs cited budget constraints, poor compatibility of systems, and a lack of trained talent as the biggest barriers to advancing their security postures. Leaders also reveal that their security departments are increasingly complex environments with 65% of organisations using from six to more than 50 security products, increasing the potential for security effectiveness gaps.
To exploit these gaps, ACR data shows criminals leading a resurgence of ‘classic’ attack vectors, such as adware and email spam, the latter at levels not seen since 2010. Spam accounts for nearly two-thirds (65%) of email with 8 to 10% cited as malicious. Global spam volume is rising, often spread by large and thriving botnets. Encouragingly, 90% of organisations that faced cyber-attacks improved threat defence technologies and processes by:
- Separating IT and security functions (38%),
- Increasing security awareness training for employees (38%), and
- Implementing risk mitigation techniques (37%).
Hacker Operations and New ‘Business’ Models
In 2016, hacking became more ‘corporate.’ Dynamic changes in the technology landscape, led by digitisation, are creating opportunities for cybercriminals. While attackers continue to leverage time-tested techniques, they also employ new approaches that mirror the ‘middle management’ structure of their corporate targets.
- New attack methods model corporate hierarchies: Certain malvertising campaigns employed brokers (or ‘gates’) that act as middle managers, masking malicious activity. Adversaries can then move with greater speed, maintain their operational space, and evade detection.
- Cloud opportunity and risk: 27% of employee-introduced, third-party cloud applications, intended to open up new business opportunities and increase efficiencies, were categorised as high risk and created significant security concerns.
- Old-fashioned adware, software that downloads advertising without user permission, continued to prove successful, infecting 75% of organisations investigated.
- A bright spot emerged with a drop in the use of large exploit kits such as Angler, Nuclear and Neutrino, whose owners were brought down in 2016, but smaller players rushed in to fill the gap.
The 2017 ACR reports that just 56% of security alerts are investigated and less than half of legitimate alerts remediated. Defenders, while confident in their tools, battle complexity and manpower challenges, leaving gaps of time and space for attackers to utilise to their advantage. Cisco advises these steps to prevent, detect, and mitigate threats and minimise risk:
- Make security a business priority: Executive leadership must own and evangelise security and fund it as a priority.
- Measure operational discipline: Review security practices, patch, and control access points to network systems, applications, functions, and data.
- Test security effectiveness: Establish clear metrics. Use them to validate and improve security practices.
- Adopt an integrated defence approach: Make integration and automation high on the list of assessment criteria to increase visibility, streamline interoperability, and reduce the time to detect and stop attacks. Security teams then can focus on investigating and resolving true threats.
*This figure is based on opt-in telemetry gathered from Cisco security products deployed worldwide.
About the Report
The Cisco Annual Cybersecurity Report, now in its tenth year, examines the latest threat intelligence gathered by Cisco security experts, providing industry insights that reveal customer security trends. The 2017 report also highlights key findings from the third annual Cisco Security Capabilities Benchmark Study (SCBS), which examines security professionals’ perceptions of the state of security in their organisations. It shares geopolitical trends, global developments around data localisation, and the importance of cybersecurity as a boardroom topic.
For a complete copy of the 2017 Cisco Annual Security Research report, and to read more about Cisco’s recommendations as to how businesses can mitigate against risk, click here.
Cisco (NASDAQ: CSCO) is the worldwide technology leader that has been making the Internet work since 1984. Our people, products, and partners help society securely connect and seize tomorrow's digital opportunity today. Discover more at newsroom.cisco.com and follow us on Twitter at @Cisco.