Today marks the launch of the Cisco 2018 Annual Cybersecurity Report, which offers security industry data, analysis and insights about attacker behavior over the past year. This report – now in its 11th year – provides a view into the techniques that adversaries use to elude defenses and evade detection, along with insights and recommendations designed to help organizations and users defend against attacks.
The Cisco 2018 Security Capabilities Benchmark Study, now in its 4th year and featured in this report, offers insights on the security posture of enterprises from more than 3600 Chief Information Security Officers (CISOs) and security industry leaders from 26 countries. It also shares their perceptions of how prepared they are to defend against attacks and the leading practices they employ and recommend. A companion study, the Cisco 2018 Privacy Maturity Benchmark Study, clarifies the importance of having sound privacy processes and policies, and the potential financial benefits and opportunities derived from a mature privacy practice.
This year’s report findings show a maturing, more sophisticated tradecraft by attackers. Case in point: adversaries are increasingly embracing encryption – meant to enhance security – to conceal command-and-control activity. Our threat research team reports that 50 percent of global web traffic was encrypted as of October 2017, a 12 percent volume increase from November 2016. We also observed a more than threefold increase in encrypted network communication used by inspected malware samples during that time. As the volume of encrypted global web traffic grows, adversaries are broadening their use of encryption as a way to mask command-and-control activity, giving them more time to operate and inflict damage sight unseen.
The evolution of ransomware was another of the most significant threat developments in 2017. By introducing network-based ransomware worms, attackers have eliminated the need for human interaction in launching ransomware campaigns. They also changed the game from pursuing ransom to the outright destruction of systems, data and operations.
Why is this so noteworthy? We saw these rapid-moving, network-based attacks with WannaCry and Nyetya, and expect more automated crypto-worm activity in the year ahead. Security teams need to be aware and prepared; speed and mass effect are the goals.
Our 2018 report spotlights how adversaries are evolving their approaches to exploit new technology security gaps. Of note are DevOps systems and services, often exposed because they were deployed improperly or left open intentionally for convenience. Additionally, industrial control systems at the heart of all manufacturing, and process control systems linked to other electronic infrastructure, are creating a highly connected ecosystem of vulnerable devices that attackers are eager to compromise.
These are just a few of the ways attackers are exploiting new technology security gaps to do harm. See the report for additional perspective on the Internet of Things (IoT), Information and Operational Technology (IT and OT), Value Chain, and Distributed Denial of Service (DDoS) threats.
The report also covers the orchestration challenges that a complex mix of products and solutions from numerous vendors poses to defenders. Simply put, as the number of vendor solutions deployed increases, so does the complexity and challenge of orchestrating alerts from these multiple sources. A simple, open, automated and effective security architecture is certainly the way to go.
To counter many of these challenges, we observe security teams increasing their investment in advancing technologies, relying on automation, machine learning, and Artificial Intelligence (AI) to help protect their organizations. The report describes a significant majority – more than 90 percent – using behavior analytics to identify and locate threat activity. They then apply this data to help mitigate attacks and see around the corner in anticipation of what’s to come.
The report findings show 83 percent of respondents relying on automation, with 74 percent reliant on AI, to help shoulder the workload of securing their organizations. As these technologies enable detection and prevention of threats so numerous and stealthy that no human team could catch them, CISOs increasingly look to AI and automation to help counter their adversaries and improve defenses.
Such technologies are powerful tools for visibility, automation and insight, yet don’t overlook traditional techniques. Self-propagating, network-based attacks like WannaCry and Nyetya could have been prevented, or at least had their impact minimized, if more organizations had applied fundamental security practices such as patching, setting appropriate incident response processes and policies, and segmenting their networks. Basic hygiene is critical and must not be ignored.
In the past year, we’ve seen uninvestigated alerts continue to create huge business risk, and yet many remain unremediated. Of the 93 percent of organizations that experienced a security alert, 44 percent of alerts were not even investigated. Of the 56 percent that were investigated, only 51 percent of the legitimate alerts were remediated, leaving almost half untouched and the organization vulnerable. How can this be? This is a direct call for greater innovation, diligence and better answers to our challenges.
As adversaries continue to use more sophisticated practices, and become more adept at concealing their activity and undermining traditional security technologies, security teams must up their game. This applies not only to those at the front lines of defense – cybersecurity must start at the top. From the Board to the C-suite, our executive leadership must set the tone and engender a ‘security-first-always-and-everywhere’ culture that flows throughout the organization.
No single strategy, technological solution or approach will solve all of the challenges that our adversaries throw at us. It takes a comprehensive and unified approach across people, process, technology and policy. By making strategic security improvements, employing advanced technologies and industry leading practices, defenders can increase visibility into a miscreant’s actions, slow their progress, and minimize their exposure to risk. The Cisco 2018 Annual Cybersecurity Report offers recommendations that will help you and your organization to do just that.
A quick shout out to our security technology partners – Anomali, Lumeta, Qualys, Radware, SAINT Corporation and TrapX – who contributed to the 2018 report. Their research and perspectives are essential in helping Cisco to provide the security community, businesses and users with relevant insight into our complex, modern, global cyber-threat landscape, as well as to share their knowledge and practices for improving defenses.