The Cisco Midyear Cybersecurity Report (MCR) has been released and the findings are certainly eye-opening.
The team at Cisco uncovered a rapid evolution of threats and an increasing magnitude of attacks, and forecasts potential ‘destruction of service’ (DeOS) attacks, which could eliminate the backups and safety nets organisations need to restore systems and data after an attack, leaving businesses with no way to recover.
What’s more, with the rapid advent of the Internet of Things (IoT), key industries are bringing more operations online and consequently increasing attack surfaces and the potential scale and impact of these threats.
Cisco asserts the IoT is ‘ripe’ for exploitation given its security weaknesses, which means it will play a central role in enabling these campaigns with escalating impact.
According to Cisco, current IoT botnet activity already suggests that some attackers may be laying the foundation for a wide-reaching, high-impact cyber-threat event that could potentially disrupt the Internet itself.
“As recent incidents like WannaCry and Nyetya illustrate, our adversaries are becoming more and more creative in how they architect their attacks,” says Steve Martino, vice president and chief information security officer at Cisco.
“While the majority of organisations took steps to improve security following a breach, businesses across industries are in a constant race against the attackers. Security effectiveness starts with closing the obvious gaps and making security a business priority.”
Cisco says ‘time to detection’ (TTD) is crucial in the face of these attacks, as a faster TTD can constrain attackers’ operational space and minimise damage from intrusions.
For instance, over the period from November 2016 to May 2017, Cisco decreased its median TTD from just over 39 hours to about 3.5 hours.
“Complexity continues to hinder many organisations’ security efforts. It’s obvious that the years of investing in point products that can’t integrate is creating huge opportunities for attackers who can easily identify overlooked vulnerabilities or gaps in security efforts,” says Scott Manson, cyber security leader for Middle East and Turkey at Cisco.
“To effectively reduce TTD and limit the impact of an attack, the industry must move to a more integrated, architectural approach that increases visibility and manageability, empowering security teams to close gaps.”
The researchers at Cisco watched the evolution of malware during the first half of 2017 and identified shifts in how adversaries are tailoring their delivery, obfuscation and evasion techniques:
Cisco noted a striking decline in exploit kits; however, other traditional attacks are seeing a resurgence:
There were also some interesting findings when narrowing the threats down to industry.
Within the public sector, 32 percent of threats investigated are identified as legitimate threats, but only 47 percent of those legitimate threats are eventually remediated.
In retail, 32 percent said they’d lost revenue due to attacks in the past year, with about a quarter losing customers or business opportunities.
40 percent of manufacturing security professionals said they don’t have formal security and don’t follow standardised information security policy practices.
Meanwhile, 42 percent of security professionals in utilities and 37 percent in healthcare said targeted attacks are high security risks to their organisations.
In short, Cisco advises organisations to be proactive rather than reactive, taking steps like: